Show filters
93 Total Results
Displaying 1-10 of 93
Sort by:
Attacker Value
Unknown

CVE-2025-0648

Disclosure Date: January 23, 2025 (last updated February 17, 2025)
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
0
0
Attacker Value
Unknown

CVE-2025-0635

Disclosure Date: January 23, 2025 (last updated January 24, 2025)
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
0
0
Attacker Value
Unknown

CVE-2025-0619

Disclosure Date: January 23, 2025 (last updated January 23, 2025)
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
0
0
Attacker Value
Unknown

CVE-2024-11462

Disclosure Date: December 14, 2024 (last updated December 18, 2024)
The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-22701

Disclosure Date: December 09, 2024 (last updated December 21, 2024)
Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775.
0
0
Attacker Value
Unknown

CVE-2024-11176

Disclosure Date: November 20, 2024 (last updated November 20, 2024)
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect calculation of effective permissions.
0
0
Attacker Value
Unknown

CVE-2024-10127

Disclosure Date: November 20, 2024 (last updated December 16, 2024)
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
0
0
Attacker Value
Unknown

CVE-2024-10126

Disclosure Date: November 20, 2024 (last updated November 20, 2024)
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
0
0
Attacker Value
Unknown

CVE-2024-9333

Disclosure Date: October 02, 2024 (last updated October 02, 2024)
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
0
0
Attacker Value
Unknown

CVE-2024-9174

Disclosure Date: October 02, 2024 (last updated October 02, 2024)
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
0
0
View More Topics  Next >