Freeflow Core

freeflow_core

Vendor: Xerox • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2252 1Xerox 1Freeflow Core Mar 2, 2026 Feb 27, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Cor...Show more An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloadsShow less
CVE-2026-2251 1Xerox 1Freeflow Core Mar 2, 2026 Feb 27, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to...Show more Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloadsShow less
CVE-2025-8356 1Xerox 1Freeflow Core Aug 18, 2025 Aug 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrar...Show more In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.Show less
CVE-2025-8355 1Xerox 1Freeflow Core Aug 14, 2025 Aug 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Reques...Show more In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).Show less
CVE-2024-47559 1Xerox 1Freeflow Core Oct 16, 2024 Oct 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Authenticated RCE via Path Traversal
CVE-2024-47558 1Xerox 1Freeflow Core Oct 16, 2024 Oct 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Authenticated RCE via Path Traversal
CVE-2024-47557 1Xerox 1Freeflow Core Oct 16, 2024 Oct 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Pre-Auth RCE via Path Traversal
CVE-2024-47556 1Xerox 1Freeflow Core Oct 16, 2024 Oct 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Pre-Auth RCE via Path Traversal