Search

Search Results (364230 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-3086 1 M-files 1 M-files Server 2026-02-23 7.1 High
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
CVE-2025-2091 1 M-files 1 M-files Mobile 2026-02-23 5.4 Medium
An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to version 25.6.0 allows attackers to use maliciously crafted PDF files to trick other users into making requests to untrusted URLs.
CVE-2025-14318 1 M-files 2 M-files Server, Server 2026-02-23 4.3 Medium
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
CVE-2025-14267 1 M-files 3 M-files, M-files Server, Server 2026-02-23 4.9 Medium
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
CVE-2025-11681 1 M-files 2 M-files Server, Server 2026-02-23 6.5 Medium
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
CVE-2025-0648 1 M-files 1 M-files Server 2026-02-23 4.9 Medium
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
CVE-2025-0635 1 M-files 1 M-files Server 2026-02-23 7.5 High
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
CVE-2025-0619 1 M-files 1 M-files Server 2026-02-23 4.9 Medium
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
CVE-2024-9174 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
CVE-2024-6881 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session
CVE-2024-6789 1 M-files 1 M-files Server 2026-02-23 6.5 Medium
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files
CVE-2024-6124 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session
CVE-2024-5142 1 M-files 1 Hubshare 2026-02-23 5.4 Medium
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users browser
CVE-2024-4056 1 M-files 1 M-files Server 2026-02-23 7.5 High
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
CVE-2024-10127 1 M-files 2 M-files, M-files Server 2026-02-23 9.8 Critical
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
CVE-2024-10126 1 M-files 1 M-files Server 2026-02-23 4.3 Medium
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
CVE-2024-0563 1 M-files 1 M-files Server 2026-02-23 4.3 Medium
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
CVE-2023-6912 1 M-files 1 M-files Server 2026-02-23 7.5 High
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
CVE-2025-15572 2 Wasm3, Wasm3 Project 2 Wasm3, Wasm3 2026-02-23 3.3 Low
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.
CVE-2025-15539 1 Open5gs 1 Open5gs 2026-02-23 5.3 Medium
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: b4707272c1caf6a7d4dca905694ea55557a0545f. To fix this issue, it is recommended to deploy a patch. The issue report is flagged as already-fixed.