Browse all 15 CVE security advisories affecting infiniflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Infiniflow is an enterprise workflow automation platform designed to streamline business processes through visual workflow design and integration capabilities. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its 15 recorded CVEs. Security researchers have identified common weaknesses in input validation and access control mechanisms. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the platform for critical business operations, particularly those with exposed internet-facing deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12779 | SSRF in infiniflow/ragflow — infiniflow/ragflow (CWE-918) | 7.5 | - | 2025-03-20 |
| CVE-2024-12869 | Improper Authentication in infiniflow/ragflow — infiniflow/ragflow (CWE-306) | 3.5 | - | 2025-03-20 |
| CVE-2024-12871 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow — infiniflow/ragflow (CWE-79) | 5.4 | - | 2025-03-20 |
| CVE-2024-12450 | RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow — infiniflow/ragflow (CWE-918) | 9.1 | - | 2025-03-20 |
| CVE-2024-12870 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow — infiniflow/ragflow (CWE-79) | 6.1 | - | 2025-03-20 |
| CVE-2024-12433 | Remote Code Execution in infiniflow/ragflow — infiniflow/ragflow (CWE-502) | 9.8 | - | 2025-03-20 |
| CVE-2024-12880 | Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow — infiniflow/ragflow (CWE-639) | 8.1 | - | 2025-03-20 |
| CVE-2024-10131 | Remote Code Execution in infiniflow/ragflow — infiniflow/ragflow (CWE-94) | 9.8 | - | 2024-10-19 |
This page lists every published CVE security advisory associated with infiniflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.