VYPR
Vendor

Lightbend

Products
6
CVEs
4
Across products
4
Status
Private

Products

6

Recent CVEs

4
  • CVE-2014-3630CriDec 29, 2017
    risk 0.64cvss 9.8epss 0.03

    XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

  • CVE-2015-2156HigOct 18, 2017
    risk 0.42cvss 7.5epss 0.05

    Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper…

  • CVE-2025-46548Jun 3, 2025
    risk 0.00cvss epss 0.01

    If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version…

  • CVE-2023-31442May 11, 2023
    risk 0.00cvss epss 0.01

    In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing…