Search

Search Results (364207 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-14267 1 M-files 3 M-files, M-files Server, Server 2026-02-23 4.9 Medium
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVE-2025-11681 1 M-files 2 M-files Server, Server 2026-02-23 6.5 Medium
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
CVE-2025-0648 1 M-files 1 M-files Server 2026-02-23 4.9 Medium
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
CVE-2025-0635 1 M-files 1 M-files Server 2026-02-23 7.5 High
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
CVE-2025-0619 1 M-files 1 M-files Server 2026-02-23 4.9 Medium
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
CVE-2024-9174 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
CVE-2024-6881 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session
CVE-2024-6789 1 M-files 1 M-files Server 2026-02-23 6.5 Medium
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files
CVE-2024-6124 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session
CVE-2024-5142 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser
CVE-2024-4056 1 M-files 1 M-files Server 2026-02-23 7.5 High
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
CVE-2024-10127 1 M-files 2 M-files, M-files Server 2026-02-23 9.8 Critical
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
CVE-2024-10126 1 M-files 1 M-files Server 2026-02-23 4.3 Medium
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
CVE-2024-0563 1 M-files 1 M-files Server 2026-02-23 4.3 Medium
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
CVE-2023-6912 1 M-files 1 M-files Server 2026-02-23 7.5 High
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
CVE-2025-15572 2 Wasm3, Wasm3 Project 2 Wasm3, Wasm3 2026-02-23 3.3 Low
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.
CVE-2025-15539 1 Open5gs 1 Open5gs 2026-02-23 5.3 Medium
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: b4707272c1caf6a7d4dca905694ea55557a0545f. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.
CVE-2025-15537 1 Mapnik 1 Mapnik 2026-02-23 5.3 Medium
A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2025-15536 1 Byvoid 2 Open Chinese Convert, Opencc 2026-02-23 5.3 Medium
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.
CVE-2025-15534 1 Raylib 1 Raylib 2026-02-23 5.3 Medium
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The identifier of the patch is 5a3391fdce046bc5473e52afbd835dd2dc127146. It is suggested to install a patch to address this issue.