Flowring Agentflow

9 CVEs affecting Flowring Agentflow. Latest disclosed: 2026-02-10. Critical: 4, High: 3.

Top CVEs affecting Flowring Agentflow
CVESeverityScorePublishedSummary
CVE-2026-2096Critical9.82026-02-10Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database cont…
CVE-2026-2095Critical9.82026-02-10Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to ob…
CVE-2025-3709Critical9.82025-05-02Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perf…
CVE-2022-39036Critical9.82022-11-10The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulner…
CVE-2026-2097High8.82026-02-10Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors…
CVE-2022-39038High8.82022-11-10Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account t…
CVE-2022-39037High7.52022-11-10Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentica…
CVE-2026-2098Medium6.12026-02-10AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript c…
CVE-2026-2099Medium5.42026-02-10AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes…