VYPR

Flow

by Totaljs

Source repositories

CVEs (5)

  • CVE-2025-50881HigMar 16, 2026
    risk 0.57cvss 8.8epss 0.01

    The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates…

  • CVE-2025-11655MedOct 13, 2025
    risk 0.31cvss 4.7epss 0.00

    A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The…

  • CVE-2025-20972May 7, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.

  • CVE-2025-20971May 7, 2025
    risk 0.00cvss epss 0.00

    Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.

  • CVE-2023-30094May 4, 2023
    risk 0.00cvss epss 0.01

    A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.