Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 86 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode bytedancedeer-flow High 7.1 2026-04-17 16:43:42 Deep Dive
CVE-2026-6125 Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection Dromarawarm-flow Medium 6.3 2026-04-12 09:30:22 Deep Dive
CVE-2026-23696 Windmill < 1.603.3 File Ownership Handling SQLi RCE Windmill LabsWindmill CE (Community Edition) Critical 9.9 2026-04-07 16:50:53 Deep Dive
CVE-2026-22683 Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE Windmill LabsWindmill CE (Community Edition) High 8.8 2026-04-07 16:50:30 Deep Dive
CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery FlowCIflow-core-x Medium 6.3 2026-03-16 04:32:13 Deep Dive
CVE-2026-2742 Unauthorized session creation via reserved framework path access vaadinvaadin--2026-03-10 12:08:49 Deep Dive
CVE-2026-2741 Zip Slip Path Traversal on Node Unpack vaadinvaadin--2026-03-10 12:08:31 Deep Dive
CVE-2026-25632 EPyT-Flow has unsafe JSON deserialization (__type__) WaterFuturesEPyT-Flow Critical 10.0 2026-02-06 20:24:18 Deep Dive
CVE-2025-15285 SEO Flow by LupsOnline <= 2.2.1 - Unauthenticated Arbitrary Post/Category Modification lupsonlineSEO Flow by LupsOnline High 7.5 2026-02-04 08:25:29 Deep Dive
CVE-2026-1126 lwj flow SVG File FormResource.java uploadFile unrestricted upload lwjflow Medium 6.3 2026-01-18 16:32:10 Deep Dive
CVE-2025-15022 Cross-site scripting in Action caption vaadinvaadin 中危 -2026-01-05 07:52:56 Deep Dive
CVE-2025-67750 Lightning Flow Scanner is Vulnerable to Code Injection via Unsafe Use of new Function() in APIVersion Rule Flow-Scannerlightning-flow-scanner High 8.4 2025-12-12 20:14:21 Deep Dive
CVE-2025-13866 Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action looks_awesomeFlow-Flow Social Feed Stream Medium 6.4 2025-12-12 03:20:37 Deep Dive
CVE-2023-7311 BYTEVALUE Intelligent Flow Control Router Command Injection BYTEVALUE (Luoyang Baiwei Intelligent Technology Co., Ltd.)Flow Control Router--2025-10-15 01:19:38 Deep Dive
CVE-2025-11655 Total.js Flow SVG File unrestricted upload Total.jsFlow Medium 4.7 2025-10-13 01:32:05 Deep Dive
CVE-2025-59568 WordPress Zoho Flow Plugin <= 2.14.1 - Cross Site Request Forgery (CSRF) Vulnerability Zoho FlowZoho Flow Medium 4.3 2025-09-22 18:25:59 Deep Dive
CVE-2025-8479 Zoho Flow <= 2.14.1 - Cross-Site Request Forgery zohoflowZoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation Medium 4.3 2025-09-11 06:43:51 Deep Dive
CVE-2025-9467 Possibility to bypass file upload validation on the server-side vaadinvaadin--2025-09-04 06:15:47 Deep Dive
CVE-2025-58625 WordPress WP Flow Plus Plugin <= 5.2.5 - Cross Site Scripting (XSS) Vulnerability Spiffy PluginsWP Flow Plus Medium 5.9 2025-09-03 14:36:53 Deep Dive
CVE-2015-10138 Work The Flow File Upload <= 2.5.2 - Arbitrary File Upload lynton_reedWork The Flow File Upload Critical 9.8 2025-07-19 11:23:38 Deep Dive