vaadin vaadin vulnerabilities and exploits
5
CVSSv2
CVE-2022-29567
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 up to and including 14.8.9, 22.0.6 up to and including 22.0.14, 23.0.0.beta2 up to and including 23.0.8 and 23.1.0.alpha1 up to and includ...
Vaadin Vaadin 23.0.0
Vaadin Vaadin
Vaadin Vaadin 23.1.0
5
CVSSv2
CVE-2021-31407
Vulnerability in OSGi integration in com.vaadin:flow-server versions 1.2.0 up to and including 2.4.7 (Vaadin 12.0.0 up to and including 14.4.9), and 6.0.0 up to and including 6.0.1 (Vaadin 19.0.0) allows malicious user to access application classes and resources on the server via...
Vaadin Flow
Vaadin Vaadin 19.0.0
Vaadin Vaadin
NA
CVE-2023-25499
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 up to and including 10.0.22, 11.0.0 up to and including 14.10.0, 15.0.0 up to and including 22.0.28, 23.0.0 up to and including 23.3.12, 24.0.0 up to and including 24.0.5 ...
Vaadin Vaadin 24.1.0
Vaadin Vaadin
NA
CVE-2023-25500
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified reques...
Vaadin Vaadin 24.1.0
Vaadin Vaadin
4.3
CVSSv2
CVE-2021-33611
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 up to and including 1.2.0 (Vaadin 14.0.0 up to and including 14.4.4) allows remote malicious users to execute malicious JavaScript in browser by opening crafted URL
Vaadin Vaadin
Vaadin Vaadin-menu-bar
5
CVSSv2
CVE-2020-36321
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 up to and including 2.4.1 (Vaadin 14.0.0 up to and including 14.4.2), and 3.0 before 5.0 (Vaadin 15 before 18) allows malicious user to request arbitrary files stored outside of intended ...
Vaadin Flow
Vaadin Vaadin
3.5
CVSSv2
CVE-2020-36319
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 up to and including 3.0.5 (Vaadin 15.0.0 up to and including 15.0.4) may expose sensitive data if the application also uses e.g. @RestController
Vaadin Flow
Vaadin Vaadin
4.3
CVSSv2
CVE-2019-25027
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.10 (Vaadin 10.0.0 up to and including 10.0.13), and 1.1.0 up to and including 1.4.2 (Vaadin 11.0.0 up to and including 13.0.5) allows malicious user to ...
Vaadin Flow
Vaadin Vaadin
4.3
CVSSv2
CVE-2021-31412
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.14 (Vaadin 10.0.0 up to and including 10.0.18), 1.1.0 before 2.0.0 (Vaadin 11 before 14), 2.0.0 up to and including 2.6.1 (Vaadin 14.0.0 up to and inc...
Vaadin Flow
Vaadin Vaadin
4
CVSSv2
CVE-2018-25007
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 up to and including 1.0.5 (Vaadin 10.0.0 up to and including 10.0.7, and 11.0.0 up to and including 11.0.2) allows malicious user to update element property values via crafted synchronization message.
Vaadin Flow
Vaadin Vaadin