Security Vulnerabilities
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
CVSS Score
9.8
EPSS Score
0.005
Published
2026-02-10
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-10
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-10
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-02-10
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-10
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-02-10
A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue.
CVSS Score
3.3
EPSS Score
0.0
Published
2026-02-10
A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
7.2
EPSS Score
0.002
Published
2026-02-10
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does not affect integrity and availability.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-02-10