Agentflow
Monthly
Authenticated attackers can inject malicious JavaScript into Flowring's AgentFlow platform that persists and executes in other users' browsers when they load affected pages, potentially compromising user sessions and data. This stored cross-site scripting vulnerability affects the AI/ML and Agentflow products and requires user interaction to trigger, though no patch is currently available.
Reflected XSS in AgentFlow enables unauthenticated attackers to inject malicious JavaScript that executes in victims' browsers during phishing campaigns, potentially compromising user sessions and data. The vulnerability affects the AI/ML platform with no patch currently available, requiring users to rely on defensive measures such as email filtering and user awareness training.
Agentflow versions up to - is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Missing authentication in Flowring Agentflow allows unauthenticated attackers to read, modify, and delete data. Second auth bypass CVE.
Authentication bypass in Flowring Agentflow workflow system allows unauthenticated remote attackers to exploit specific functions. EPSS 0.63%.
Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authenticated attackers can inject malicious JavaScript into Flowring's AgentFlow platform that persists and executes in other users' browsers when they load affected pages, potentially compromising user sessions and data. This stored cross-site scripting vulnerability affects the AI/ML and Agentflow products and requires user interaction to trigger, though no patch is currently available.
Reflected XSS in AgentFlow enables unauthenticated attackers to inject malicious JavaScript that executes in victims' browsers during phishing campaigns, potentially compromising user sessions and data. The vulnerability affects the AI/ML platform with no patch currently available, requiring users to rely on defensive measures such as email filtering and user awareness training.
Agentflow versions up to - is affected by unrestricted upload of file with dangerous type (CVSS 8.8).
Missing authentication in Flowring Agentflow allows unauthenticated attackers to read, modify, and delete data. Second auth bypass CVE.
Authentication bypass in Flowring Agentflow workflow system allows unauthenticated remote attackers to exploit specific functions. EPSS 0.63%.
Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perform password brute force attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.