cvebase

Digiwin Easyflow Net vulnerabilities

9 known vulnerabilities affecting digiwin/easyflow_net.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 3

Vulnerabilities

CVE-2026-5964 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.6.0, ≤ 6.6.17; v6.1.0; +5 more | 2026-04-20
CVE-2026-5964 [CRITICAL] CWE-89: EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2026-5963 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.6.0, ≤ 6.6.17; v6.1.0; +7 more | 2026-04-20
CVE-2026-5963 [CRITICAL] CWE-89: EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2024-5311 | P2 | CRITICAL | CVSS 9.8 | v5.x; v6.1.x; +1 more | 2024-06-03
CVE-2024-5311 [CRITICAL] CWE-89: DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records.
nvd
CVE-2024-4893 | P2 | CRITICAL | CVSS 9.8 | v3.x; v5.x; +2 more | 2024-05-15
CVE-2024-4893 [CRITICAL] CWE-89: DigiWin EasyFlow .NET lacks validation for certain input parameters, allowing remote attackers to inject arbitrary SQL commands. This vulnerability enables unauthorized access to read, modify, and delete database records, as well as execute system commands.
nvd
CVE-2025-11949 | P3 | HIGH | CVSS 7.5 | ≤ 6.6.19 | 2025-10-21
CVE-2025-11949 [HIGH] CWE-306: EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.
nvd
CVE-2025-12503 | P3 | MEDIUM | CVSS 6.5 | ≤ 6.6.19 | 2025-11-03
CVE-2025-12503 [MEDIUM] CWE-89: EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, have a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
nvd
CVE-2026-12581 | P3 | HIGH | CVSS 7.5 | ≤ 8.1.4 | 2026-06-22
CVE-2026-12581 [HIGH] CWE-384: EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in.
nvd
CVE-2024-7323 | P3 | MEDIUM | CVSS 6.5 | fixed in 6.6.17; v5.*; +2 more | 2024-08-02
CVE-2024-7323 [MEDIUM] CWE-36: Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality does not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server.
nvd
CVE-2026-12580 | P4 | MEDIUM | CVSS 5.4 | ≤ 8.1.4 | 2026-06-22
CVE-2026-12580 [MEDIUM] CWE-79: EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load.
nvd