Every CVE whose affected-product data names Flowring Agentflow, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-39036 — CVSS 9.8 (critical): The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can…
CVE-2025-3709 — CVSS 9.8 (critical): Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this…
CVE-2026-2095 — CVSS 9.8 (critical): Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific…
CVE-2026-2096 — CVSS 9.8 (critical): Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and…
CVE-2022-39038 — CVSS 8.8 (high): Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name…
CVE-2026-2097 — CVSS 8.8 (high): Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute…
CVE-2022-39037 — CVSS 7.5 (high): Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability…
CVE-2026-2098 — CVSS 6.1 (medium): AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute…
CVE-2026-2099 — CVSS 5.4 (medium): AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject…