| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2742 | Unauthorized session creation via reserved framework path access | vaadin | vaadin | - | - | 2026-03-10 12:08:49 | Deep Dive |
| CVE-2026-2741 | Zip Slip Path Traversal on Node Unpack | vaadin | vaadin | - | - | 2026-03-10 12:08:31 | Deep Dive |
| CVE-2025-15022 | Cross-site scripting in Action caption | vaadin | vaadin | Medium | - | 2026-01-05 07:52:56 | Deep Dive |
| CVE-2025-9467 | Possibility to bypass file upload validation on the server-side | vaadin | vaadin | - | - | 2025-09-04 06:15:47 | Deep Dive |
| CVE-2023-25500 | Vaadin information disclosure vulnerability | vaadin | vaadin | Low | 3.5 | 2023-06-22 12:49:07 | Deep Dive |
| CVE-2023-25499 | Possible information disclosure in non visible components | vaadin | vaadin | Medium | 5.7 | 2023-06-22 12:47:58 | Deep Dive |
| CVE-2022-29567 | Possible information disclosure inside TreeGrid component with default data provider | Vaadin | vaadin | Medium | 5.7 | 2022-05-24 14:20:19 | Deep Dive |
| CVE-2021-33611 | Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 | Vaadin | Vaadin | Medium | 6.1 | 2021-11-02 10:06:56 | Deep Dive |
| CVE-2021-33609 | Denial of service in DataCommunicator class in Vaadin 8 | Vaadin | Vaadin | Medium | 4.3 | 2021-10-13 10:58:36 | Deep Dive |
| CVE-2021-33605 | Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | Vaadin | Vaadin | Medium | 4.3 | 2021-08-25 12:12:42 | Deep Dive |
| CVE-2021-31412 | Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19 | Vaadin | Vaadin | Medium | 5.3 | 2021-06-24 11:33:11 | Deep Dive |
| CVE-2021-33604 | Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 | Vaadin | Vaadin | Low | 2.5 | 2021-06-24 11:16:27 | Deep Dive |
| CVE-2021-31409 | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | Vaadin | Vaadin | High | 7.5 | 2021-05-05 19:07:31 | Deep Dive |
| CVE-2021-31411 | Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19 | Vaadin | Vaadin | Medium | 6.3 | 2021-05-05 18:15:13 | Deep Dive |
| CVE-2021-31410 | Project sources exposure in Vaadin Designer | Vaadin | Designer | High | 8.6 | 2021-04-23 16:08:31 | Deep Dive |
| CVE-2021-31408 | Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 | Vaadin | Vaadin | Medium | 6.3 | 2021-04-23 16:07:17 | Deep Dive |
| CVE-2021-31407 | Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19 | Vaadin | Vaadin | High | 8.6 | 2021-04-23 16:05:41 | Deep Dive |
| CVE-2021-31406 | Timing side channel vulnerability in endpoint request handler in Vaadin 15-19 | Vaadin | Vaadin | Medium | 4.0 | 2021-04-23 16:05:41 | Deep Dive |
| CVE-2021-31405 | Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17 | Vaadin | Vaadin | High | 7.5 | 2021-04-23 16:05:41 | Deep Dive |
| CVE-2021-31404 | Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18 | Vaadin | Vaadin | Medium | 4.0 | 2021-04-23 16:05:41 | Deep Dive |