Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
50119063.0%CRITICAL

Related CVEs

100+
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-2252An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7.  Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on -  https://www.support.xerox.com/en-us/product/core/downloadsHIGH7.517.8%Feb 27, 2026
CVE-2026-2251Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to FreeFlow Core version 8.1.0 via the software available on - https://www.support.xerox.com/en-us/product/core/downloads https://www.support.xerox.com/en-us/product/core/downloadsCRITICAL9.830.8%Feb 27, 2026
CVE-2026-1769Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.  Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software available on Xerox.comMEDIUM5.44.2%Feb 6, 2026
CVE-2025-8356In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.CRITICAL9.896.2%Aug 8, 2025
CVE-2025-8355In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).HIGH7.593.3%Aug 8, 2025
CVE-2024-55931Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised.  The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to the security bulletin.MEDIUM6.526.3%Jan 27, 2025
CVE-2024-55930Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete filesCRITICAL9.819.9%Jan 23, 2025
CVE-2024-55929A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.MEDIUM5.37.6%Jan 23, 2025
CVE-2024-55928Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryptionHIGH7.54.0%Jan 23, 2025
CVE-2024-55927A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.HIGH7.517.2%Jan 23, 2025
CVE-2024-55926A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to dataCRITICAL9.832.7%Jan 23, 2025
CVE-2024-55925In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets improper host validation, potentially exposing sensitive API endpoints.HIGH7.526.9%Jan 23, 2025
CVE-2024-47559Authenticated RCE via Path TraversalHIGH8.838.1%Oct 7, 2024
CVE-2024-47558Authenticated RCE via Path TraversalHIGH8.838.1%Oct 7, 2024
CVE-2024-47557Pre-Auth RCE via Path TraversalCRITICAL9.839.2%Oct 7, 2024
CVE-2024-47556Pre-Auth RCE via Path TraversalCRITICAL9.839.2%Oct 7, 2024
CVE-2023-46327Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].MEDIUM5.926.9%Nov 2, 2023
CVE-2022-45897On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.MEDIUM6.5Jan 31, 2023
CVE-2022-26572Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information.HIGH7.5Apr 4, 2022
CVE-2021-37354Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.CRITICAL9.8Feb 15, 2022