Vulmon
vaadin flow vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-31412
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.14 (Vaadin 10.0.0 up to and including 10.0.18), 1.1.0 before 2.0.0 (Vaadin 11 before 14), 2.0.0 up to and including 2.6.1 (Vaadin 14.0.0 up to and inc...
Vaadin Flow
Vaadin Vaadin
3.5
CVSSv2
CVE-2020-36319
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 up to and including 3.0.5 (Vaadin 15.0.0 up to and including 15.0.4) may expose sensitive data if the application also uses e.g. @RestController
Vaadin Flow
Vaadin Vaadin
5
CVSSv2
CVE-2020-36321
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 up to and including 2.4.1 (Vaadin 14.0.0 up to and including 14.4.2), and 3.0 before 5.0 (Vaadin 15 before 18) allows malicious user to request arbitrary files stored outside of intended ...
Vaadin Flow
Vaadin Vaadin
4
CVSSv2
CVE-2018-25007
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.5 (Vaadin 10.0.0 up to and including 10.0.7, and 11.0.0 up to and including 11.0.2) allows malicious user to update element property values via crafted synchronization message.
Vaadin Flow
Vaadin Vaadin
4.3
CVSSv2
CVE-2019-25027
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.10 (Vaadin 10.0.0 up to and including 10.0.13), and 1.1.0 up to and including 1.4.2 (Vaadin 11.0.0 up to and including 13.0.5) allows malicious user to ...
Vaadin Flow
Vaadin Vaadin
5
CVSSv2
CVE-2021-31407
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 up to and including 2.4.7 (Vaadin 12.0.0 up to and including 14.4.9), and 6.0.0 up to and including 6.0.1 (Vaadin 19.0.0) allows malicious user to access application classes and resources on the server via...
Vaadin Flow
Vaadin Vaadin 19.0.0
Vaadin Vaadin
1.2
CVSSv2
CVE-2021-33604
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 up to and including 2.6.1 (Vaadin 14.0.0 up to and including 14.6.1), 3.0.0 up to and including 6.0.9 (Vaadin 15.0.0 up to and including 19.0.8) allows local user to execute arbitrary JavaScri...
Vaadin Flow-server
Vaadin Vaadin
4
CVSSv2
CVE-2021-33605
Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 before 2.0.0 (Vaadin 12.0.0 before 14.0.0), 2.0.0 before 3.0.0 (Vaadin 14.0.0 before 14.5.0), 3.0.0 up to and including 4.0.1 (Vaadin 15.0.0 up to and including 17.0.11), 14.5.0 up to and including ...
Vaadin Vaadin-checkbox-flow
5
CVSSv2
CVE-2021-31405
Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 up to and including 2.3.2 (Vaadin 14.0.6 up to and including 14.4.3), and 3.0.0 up to and including 4.0.2 (Vaadin 15.0.0 up to and including 17.0.10) allows malicious users to caus...