Flow

by Vaadin

CVEs (4)

  • CVE-2026-2741 | Med | Mar 10, 2026
    risk 0.37 | cvss 6.8 | epss 0.00

    Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and…

  • CVE-2024-34600 | Med | Jul 2, 2024
    risk 0.29 | cvss 4.4 | epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.

  • CVE-2026-2742 | Med | Mar 10, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the…

  • CVE-2026-7860 | Low | May 19, 2026
    risk 0.03 | cvss | epss 0.00

    A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain…