Security Vulnerabilities - CVEs Published In February 2026
AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVSS Score
5.1
EPSS Score
0.001
Published
2026-02-10
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
CVSS Score
5.1
EPSS Score
0.001
Published
2026-02-10
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
CVSS Score
9.3
EPSS Score
0.005
Published
2026-02-10
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-02-10
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVSS Score
4.6
EPSS Score
0.0
Published
2026-02-10
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
CVSS Score
4.5
EPSS Score
0.0
Published
2026-02-10
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-02-10
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.
CVSS Score
7.1
EPSS Score
0.001
Published
2026-02-10
Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or availability.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-10
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-02-10