VYPR

Flow

by Nextcloud

CVEs (2)

  • CVE-2026-22683HigApr 7, 2026
    risk 0.50cvss 8.8epss 0.01

    Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operator role to perform prohibited entity creation and modification actions via the backend API. Although Operators are documented and priced as unable to create or…

  • CVE-2021-25507Nov 5, 2021
    risk 0.00cvss epss 0.00

    Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.