Xerox Freeflow_core
8 CVEs affecting Xerox Freeflow_core. Latest disclosed: 2026-02-27. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2251 | Critical | 9.8 | 2026-02-27 | Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to… |
CVE-2025-8356 | Critical | 9.8 | 2025-08-08 | In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remot… |
CVE-2024-47557 | High | 8.3 | 2024-10-07 | Pre-Auth RCE via Path Traversal |
CVE-2024-47556 | High | 8.3 | 2024-10-07 | Pre-Auth RCE via Path Traversal |
CVE-2024-47559 | High | 7.6 | 2024-10-07 | Authenticated RCE via Path Traversal |
CVE-2024-47558 | High | 7.6 | 2024-10-07 | Authenticated RCE via Path Traversal |
CVE-2026-2252 | High | 7.5 | 2026-02-27 | An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious exter… |
CVE-2025-8355 | High | 7.5 | 2025-08-08 | In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing refe… |