1113 matches found
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
EUVD-2026-9014
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252 XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2251 Path Traversal leading to Remote Code Execution (RCE)
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2251 Path Traversal leading to Remote Code Execution (RCE)
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
PT-2026-22314
Name of the Vulnerable Software and Affected Versions Xerox FreeFlow Core versions prior to 8.1.0 Description The software contains a path traversal issue due to improper limitation of a pathname to a restricted directory. This allows unauthorized path traversal, potentially leading to remote cod...
PT-2026-22315
Name of the Vulnerable Software and Affected Versions Xerox FreeFlow Core versions up to and including 8.0.7 Description An XML External Entity XXE issue allows a malicious user to perform Server-Side Request Forgery SSRF by submitting specially crafted XML input that includes malicious external...
Xerox FreeFlow Core 安全漏洞
Xerox FreeFlow Core is a flexible and easy-to-use software developed by Xerox Corporation. Versions of Xerox FreeFlow Core 8.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from XML external entity vulnerabilities, which could allow malicious users to execute...
Xerox FreeFlow Core 安全漏洞
Xerox FreeFlow Core is a flexible and easy-to-use software product developed by Xerox Corporation. Versions of Xerox FreeFlow Core 8.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from improper path name restrictions, which can lead to unauthorized path traversal and...
CVE-2026-1769
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...
CVE-2026-1769
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...
CVE-2026-1769
Xerox CentreWare Web on Windows is affected by a Stored XSS in CentreWare Web versions through 7.0.6. The vulnerability arises from improper neutralization of input during web page generation, allowing malicious scripts to be stored and potentially executed in the context of other users’ sessions...
CVE-2026-1769
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...
CVE-2026-1769 Stored XSS on Xerox CentreWare Web 7.0.6
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.com...