Flowring

Agentflow

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-2096

  • EPSS 0.2%
  • Veröffentlicht 10.02.2026 07:16:14
  • Zuletzt bearbeitet 13.02.2026 20:52:16

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.

8.8

CVE-2026-2097

  • EPSS 0.24%
  • Veröffentlicht 10.02.2026 07:16:14
  • Zuletzt bearbeitet 13.02.2026 20:51:42

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

6.1

CVE-2026-2098

  • EPSS 0.05%
  • Veröffentlicht 10.02.2026 07:16:14
  • Zuletzt bearbeitet 13.02.2026 20:49:31

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

5.4

CVE-2026-2099

  • EPSS 0.04%
  • Veröffentlicht 10.02.2026 07:16:14
  • Zuletzt bearbeitet 13.02.2026 20:48:06

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.

9.8

CVE-2026-2095

  • EPSS 0.48%
  • Veröffentlicht 10.02.2026 07:16:13
  • Zuletzt bearbeitet 13.02.2026 20:53:19

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.

8.1

CVE-2025-11899

  • EPSS 0.15%
  • Veröffentlicht 17.10.2025 03:44:54
  • Zuletzt bearbeitet 21.10.2025 19:31:50

Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker m...

7.5

CVE-2025-11898

  • EPSS 0.1%
  • Veröffentlicht 17.10.2025 03:41:53
  • Zuletzt bearbeitet 21.10.2025 19:31:50

Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

9.8

CVE-2025-3709

  • EPSS 0.28%
  • Veröffentlicht 02.05.2025 03:13:32
  • Zuletzt bearbeitet 07.05.2025 16:50:52

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack.

9.8

CVE-2022-39036

  • EPSS 6.1%
  • Veröffentlicht 10.11.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 07:17:25

The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt...

7.5

CVE-2022-39037

  • EPSS 1.05%
  • Veröffentlicht 10.11.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 07:17:25

Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.