xerox freeflow_core CVE Vulnerabilities (8)

CVEs: 8 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting xerox freeflow_core (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 18 of 8 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-2252 An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.  Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on -  https://www.support.xerox.com/en-us/product/core/downloads 10b61619-3869-496c-8a1e-f291b0e71e3f 7.5 0.27% 2026-02-27 2026-06-17
CVE-2026-2251 Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads 10b61619-3869-496c-8a1e-f291b0e71e3f 9.8 0.39% 2026-02-27 2026-06-17
CVE-2025-8356 In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. 10b61619-3869-496c-8a1e-f291b0e71e3f 9.8 14.72% 2025-08-08 2026-06-17
CVE-2025-8355 In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF). 10b61619-3869-496c-8a1e-f291b0e71e3f 7.5 6.93% 2025-08-08 2026-06-17
CVE-2024-47559 Authenticated RCE via Path Traversal 10b61619-3869-496c-8a1e-f291b0e71e3f 7.6 0.53% 2024-10-07 2026-06-17
CVE-2024-47558 Authenticated RCE via Path Traversal 10b61619-3869-496c-8a1e-f291b0e71e3f 7.6 0.53% 2024-10-07 2026-06-17
CVE-2024-47557 Pre-Auth RCE via Path Traversal 10b61619-3869-496c-8a1e-f291b0e71e3f 8.3 0.50% 2024-10-07 2026-06-17
CVE-2024-47556 Pre-Auth RCE via Path Traversal 10b61619-3869-496c-8a1e-f291b0e71e3f 8.3 0.50% 2024-10-07 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence