2 matches found
CVE-2025-15227
The CVE concerns BPMFlowWebkit from WELLTEND TECHNOLOGY, with an Arbitrary File Read vulnerability exploitable via Absolute Path Traversal. The description across sources states unauthenticated remote attackers can download arbitrary system files. Documents do not specify affected versions, vulne...
CVE-2025-15228
BPMFlowWebkit by WELLTEND TECHNOLOGY is affected by an Arbitrary File Upload vulnerability that enables unauthenticated remote attackers to upload and execute a Web Shell backdoor, leading to arbitrary code execution on the server. Affected component is BPMFlowWebkit; root cause is an arbitrary f...