Security Vulnerabilities
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-02-10
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-02-10
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-10
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-02-10
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
CVSS Score
9.8
EPSS Score
0.005
Published
2026-02-10
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-10
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-10
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-02-10
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10