Security Vulnerabilities
A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file by a low-privileged user.
This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with SYSTEM privileges.(ZDI-CAN-28108)
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-02-10
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-02-10
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-10
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-02-10