| Title |
Severity |
Exploit |
Date |
Affected Version |
|
CVE-2023-25499
|
Medium
|
|
Jun 22, 2023
|
>= 1.0.0 < 1.0.20
>= 1.1.0 < 2.8.10
>= 3.0.0 < 9.1.1
>= 23.0.0 < 23.3.11
>= 24.0.0 < 24.0.8
>= 24.1.0.alpha1 < 24.1.0
|
|
CVE-2023-25500
|
Low
|
|
Jun 22, 2023
|
>= 1.0.0 < 1.0.21
>= 1.1.0 < 2.9.3
>= 3.0.0 < 9.1.2
>= 23.0.0 < 23.3.13
>= 24.0.0 < 24.0.9
>= 24.1.alpha1 < 24.1.0
|
|
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
|
Medium
|
|
Oct 13, 2021
|
>= 1.0.0 < 1.0.15
>= 1.1.0 < 2.6.2
>= 3.0.0 < 6.0.10
|
|
Reflected cross-site scripting in development mode handler in Vaadin
|
Low
|
|
Jun 28, 2021
|
>= 2.0.0 < 2.6.2
>= 3.0.0 < 6.0.10
|
|
Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19
|
Medium
|
|
May 6, 2021
|
>= 2.0.9 < 2.5.3
>= 3.0.0 < 6.0.6
|
|
CVE-2021-31407
|
High
|
|
Apr 23, 2021
|
>= 1.2.0 < 2.4.8
== 6.0.0
>= 6.0.0 < 6.0.1
|
|
CVE-2020-36321
|
High
|
|
Apr 23, 2021
|
>= 3.0.0 < 5.0.0
>= 2.0.0 < 2.4.2
|
|
CVE-2018-25007
|
Low
|
|
Apr 23, 2021
|
>= 1.0.0 < 1.0.6
|
|
CVE-2021-31406
|
Low
|
|
Apr 23, 2021
|
>= 3.0.0 < 5.0.4
== 6.0.0
>= 6.0.0 < 6.0.1
|
|
CVE-2020-36319
|
Medium
|
|
Apr 23, 2021
|
>= 3.0.0 < 3.0.6
|
com.vaadin / flow-server