Vulnerabilities in valtimo-platform

6 results

CVE-2024-34706CRITICAL@valtimo/components exposes access token to form.ioEPSS 1.1%CVE-2026-42555CRITICALValtimo: SpEL injection via StandardEvaluationContext allows Remote Code Execution by admin usersEPSS 0.6%CVE-2025-58059CRITICALValtimo scripting engine can be used to gain access to sensitive data or resourcesEPSS 0.4%CVE-2026-34164MEDIUMValtimo: Sensitive data exposure through inbox message logging in InboxHandlingServiceEPSS 0.4%CVE-2025-48881HIGHValtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized usersEPSS 0.3%CVE-2026-44516HIGHValtimo: Sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizerEPSS 0.2%