CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/03/09 9:32 a.m.•2 views

CVE-2026-3813

6.5CVSS6.3AI score0.00053EPSS

Vulnrichment•added 2026/03/09 9:32 a.m.•2 views

CVE-2026-3813 opencc JFlow WF_CCForm.java Calculate injection

6.5CVSS5.5AI score0.00053EPSS

Cvelist•added 2026/03/09 9:32 a.m.•31 views

CVE-2026-3813 opencc JFlow WF_CCForm.java Calculate injection

6.5CVSS0.00053EPSS

Positive Technologies•added 2026/03/09 12:0 a.m.•2 views

PT-2026-24052

A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The...

6.5CVSS6.3AI score0.00053EPSS

Exploits1References6

CNNVD•added 2026/03/09 12:0 a.m.•2 views

JFlow 安全漏洞

JFlow is a low-code BPM development platform open-sourced by Jinan Chicheng opencc in China. JFlow has a security vulnerability, which stems from incorrect operations on the function Calculate in the file src/main/java/bp/wf/httphandler/WFCCForm.java, potentially leading to injection attacks...

9.8CVSS6.6AI score0.00053EPSS

RedhatCVE•added 2026/02/17 7:28 a.m.•5 views

CVE-2026-2536

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function ImpDone of the file src/main/java/bp/wf/httphandler/WFAdminAttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...

EUVD•added 2026/02/16 6:31 a.m.•4 views

Exploits0References1

EUVD-2026-6126

NVD•added 2026/02/16 6:16 a.m.•4 views

Exploits0References7

CVE-2026-2536

6.5CVSS0.00031EPSS

Cvelist•added 2026/02/16 5:2 a.m.•30 views

CVE-2026-2536 opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference

6.5CVSS0.00031EPSS

Vulnrichment•added 2026/02/16 5:2 a.m.•1 views

CVE-2026-2536 opencc JFlow Workflow WF_Admin_AttrFlow.java Imp_Done xml external entity reference

ATTACKERKB•added 2026/02/16 5:2 a.m.•2 views

CVE-2026-2536

Exploits0References6Affected Software1

CVE•added 2026/02/16 5:2 a.m.•8 views

CVE-2026-2536

The vulnerability CVE-2026-2536 affects the opencc JFlow Workflow Engine, specifically the Imp_Done function in WF_Admin_AttrFlow.java. The issue arises from manipulating the File argument, enabling an XML External Entity (XXE) reference. Remote exploitation is possible, and public disclosure of ...

6.5CVSS6.3AI score0.00031EPSS

CNNVD•added 2026/02/16 12:0 a.m.•3 views

JFlow 代码问题漏洞

JFlow is a low-code BPM development platform open-sourced by Jinan Chicheng opencc in China. Versions of JFlow dated 20260129 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the File parameter in the function ImpDone within the Workflow Engine...

6.5CVSS6.7AI score0.00031EPSS

Positive Technologies•added 2026/02/16 12:0 a.m.•5 views

PT-2026-8312

A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp Done of the file src/main/java/bp/wf/httphandler/WF Admin AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml external entity reference. The attack may be...