47 matches found
Multiple vulnerabilities in Xerox FreeFlow Core (XRX26-005)
Overview Xerox FreeFlow Core contains multiple vulnerabilities listed below. Path traversal CWE-22 - CVE-2026-2251 XML external entity reference XXE CWE-611 - CVE-2026-2252 FUJIFILM Business Innovation Corp. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
EUVD-2026-9014
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
EUVD-2026-9015
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2252
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252 XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2252
CVE-2026-2252 is an XXE vulnerability in Xerox FreeFlow Core, impacting versions up to 8.0.7. The issue allows a malicious XML input to reference external entities, enabling Server-Side Request Forgery (SSRF) . The CVSS v3.1 score is 7.5 (HIGH), with network attack vector, no user interaction, an...
CVE-2026-2252 XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)
An XML External Entity XXE vulnerability allows malicious user to perform Server-Side Request Forgery SSRF via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core...
CVE-2026-2251 Path Traversal leading to Remote Code Execution (RCE)
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2251 Path Traversal leading to Remote Code Execution (RCE)
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2251
Improper limitation of a pathname to a restricted directory Path Traversal vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 vi...
CVE-2026-2251
Xerox FreeFlow Core is affected by CVE-2026-2251: a path traversal vulnerability allows unauthorized access leading to remote code execution. Impacted are FreeFlow Core versions up to 8.0.7. The issue enables an attacker to traverse restricted directories over the network, potentially executing c...
Xerox FreeFlow Core 安全漏洞
Xerox FreeFlow Core is a flexible and easy-to-use software product developed by Xerox Corporation. Versions of Xerox FreeFlow Core 8.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from improper path name restrictions, which can lead to unauthorized path traversal and...
PT-2026-22314
Name of the Vulnerable Software and Affected Versions Xerox FreeFlow Core versions prior to 8.1.0 Description The software contains a path traversal issue due to improper limitation of a pathname to a restricted directory. This allows unauthorized path traversal, potentially leading to remote cod...
Xerox FreeFlow Core 安全漏洞
Xerox FreeFlow Core is a flexible and easy-to-use software developed by Xerox Corporation. Versions of Xerox FreeFlow Core 8.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from XML external entity vulnerabilities, which could allow malicious users to execute...
PT-2026-22315
Name of the Vulnerable Software and Affected Versions Xerox FreeFlow Core versions up to and including 8.0.7 Description An XML External Entity XXE issue allows a malicious user to perform Server-Side Request Forgery SSRF by submitting specially crafted XML input that includes malicious external...