| CVE-2026-2742 |
medium |
5.3 |
5.3 |
|
|
|
3mo ago |
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash |
| CVE-2023-25499 |
unknown |
— |
— |
|
|
|
3y ago |
Vaadin vulnerable to possible information disclosure in non visible components. |
| CVE-2023-25500 |
unknown |
— |
— |
|
|
|
3y ago |
Vaadin vulnerable to possible information disclosure of class and method names in RPC response |
| CVE-2018-25007 |
unknown |
— |
— |
|
|
|
5y ago |
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 |
| CVE-2019-25027 |
unknown |
— |
— |
|
|
|
5y ago |
Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 |
| CVE-2020-36319 |
unknown |
— |
— |
|
|
|
5y ago |
Potential sensitive data exposure in applications using Vaadin 15 |
| CVE-2020-36321 |
unknown |
— |
— |
|
|
|
5y ago |
Directory traversal in development mode handler in Vaadin 14 and 15-17 |
| CVE-2021-31404 |
unknown |
— |
— |
|
|
|
5y ago |
Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 |
| CVE-2021-31406 |
unknown |
— |
— |
|
|
|
5y ago |
Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 |