Freeflow Core CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (9 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-2251	1 Xerox	1 Freeflow Core	2026-02-27	9.8 Critical
Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloads
CVE-2026-2252	1 Xerox	1 Freeflow Core	2026-02-27	7.5 High
An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads
CVE-2025-8356	1 Xerox	1 Freeflow Core	2026-02-26	9.8 Critical
In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.
CVE-2025-8355	1 Xerox	1 Freeflow Core	2025-08-14	7.5 High
In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).
CVE-2024-47559	1 Xerox	1 Freeflow Core	2024-10-16	7.6 High
Authenticated RCE via Path Traversal
CVE-2024-47558	1 Xerox	1 Freeflow Core	2024-10-16	7.6 High
Authenticated RCE via Path Traversal
CVE-2024-47556	1 Xerox	1 Freeflow Core	2024-10-16	8.3 High
Pre-Auth RCE via Path Traversal
CVE-2024-47557	1 Xerox	1 Freeflow Core	2024-10-16	8.3 High
Pre-Auth RCE via Path Traversal
CVE-2024-47555	1 Xerox	1 Freeflow Core	2024-10-10	8.3 High
Missing Authentication - User & System Configuration

Page 1 of 1.