Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Xerox Subscribe
Filtered by product Freeflow Core
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-8356 1 Xerox 1 Freeflow Core 2025-08-14 N/A 9.8 CRITICAL
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
CVE-2025-8355 1 Xerox 1 Freeflow Core 2025-08-14 N/A 7.5 HIGH
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVE-2024-47559 1 Xerox 1 Freeflow Core 2024-10-16 N/A 8.8 HIGH
Authenticated RCE via Path Traversal
CVE-2024-47558 1 Xerox 1 Freeflow Core 2024-10-16 N/A 8.8 HIGH
Authenticated RCE via Path Traversal
CVE-2024-47556 1 Xerox 1 Freeflow Core 2024-10-16 N/A 9.8 CRITICAL
Pre-Auth RCE via Path Traversal
CVE-2024-47557 1 Xerox 1 Freeflow Core 2024-10-16 N/A 9.8 CRITICAL
Pre-Auth RCE via Path Traversal