Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
org.flowable/flowable-ui-app 6.8.1 | Vulne… | Sonatype Guide
maven
org.flowable
flowable-ui-app
6.8.1
flowable-ui-app 6.8.1
Latest
org.flowable
Published
Feb 22, 2024
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Latest version with 0 known vulnerabilities that meets your policy.
Compare Versions
Overview
Overview
Versions
6
Versions
6
Vulnerabilities
150
Vulnerabilities
150
Dependencies
14
Dependencies
14
Reset filters
Severity
Critical
(0)
High
(0)
Medium
(0)
Low
(8)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
3.7
CVE-2026-22746
org.springframework.security/spring-security-core - Timing attack bypass enables user enumeration
affected
Severity
Low
Published
Apr 22, 2026
2.3
CVE-2026-22741
Spring MVC and WebFlux - Static Resource Cache Poisoning
affected
Severity
Low
Published
Apr 21, 2026
2.1
CVE-2026-22735
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
affected
Severity
Low
Published
3.7
CVE-2026-24733
Improper Input Validation vulnerability in Apache Tomcat. Tomcat did not limit HTTP/0.9 requests to the GET method. If a security constraint was configured to allow HEAD requests to a URI but deny GET requests, the user could bypass that constraint on GET requests by sending a (specification invalid) HEAD request using HTTP/0.9. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0.M1 through 9.0.112. Older, EOL versions are also affected. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fixes the issue.
affected
Severity
Low
1.8
CVE-2026-1225
ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.
affected
Severity
Low
2.3
CVE-2025-22233
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks. Affected Spring Products and Versions Spring Framework: * 6.2.0 - 6.2.6 * 6.1.0 - 6.1.19 * 6.0.0 - 6.0.27 * 5.3.0 - 5.3.42 * Older, unsupported versions are also affected Mitigation Users of affected versions should upgrade to the corresponding fixed version. Affected version(s)Fix Version Availability 6.2.x 6.2.7 OSS6.1.x 6.1.20 OSS6.0.x 6.0.28 Commercial https://enterprise.spring.io/ 5.3.x 5.3.43 Commercial https://enterprise.spring.io/ No further mitigation steps are necessary. Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation. For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields. Credit This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.
affected
2.4
CVE-2024-12801
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
affected
Severity
Low
3.3
sonatype-2020-0926
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]
affected
Severity
Low
Mar 20, 2026
Published
Feb 18, 2026
Published
Jan 23, 2026
Severity
Low
Published
May 16, 2025
Published
Dec 20, 2024
Published
Sep 22, 2020
