3 matches found
CVE-2026-2095
CVE-2026-2095 concerns Agentflow by Flowring, where an Authentication Bypass allows unauthenticated remote attackers to obtain arbitrary user authentication tokens and log in as any user. The entry lists a critical impact with high confidentiality, integrity, and availability concerns (CVSS v3.1/...
CVE-2026-2098
AgentFlow (Flowring) CVE-2026-2098 describes a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to run arbitrary JavaScript in a user’s browser via phishing. The entry specifies network attack vector, low attack complexity, and user interaction required (a...
CVE-2026-2099
CVE-2026-2099 concerns AgentFlow by Flowring, which presents a Stored Cross-Site Scripting (XSS) vulnerability. Authe nticated remote attackers can inject persistent JavaScript that executes in users’ browsers when the page loads. Current metrics (TW CERT references) indicate a MEDIUM severity wi...