Lucene search
K

65 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42652

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-43752

An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...

0.00289EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-43752

The CVE-2026-43752 entry concerns FileMaker Server: an authenticated administrator can upload a malicious file via the Admin Console’s Open Source LLM setup feature to achieve arbitrary code execution on the host. The root cause is the file upload path in the LLM setup flow that allows code execu...

4.9CVSS6.4AI score0.00289EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/24 9:16 p.m.11 views

CVE-2025-46320

A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...

6.1CVSS0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 8:30 p.m.5 views

CVE-2025-46320

A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...

5.6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 8:30 p.m.16 views

CVE-2025-46320

CVE-2025-46320 describes a cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage that could lead to unauthorized access and remote code execution. The issue has been patched in FileMaker Server releases 22.0.4 and 21.1.7. Affected component is the WebDirect custom home...

6.1CVSS5.6AI score0.00219EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.7 views

PT-2026-21797

Name of the Vulnerable Software and Affected Versions FileMaker versions prior to 22.0.4 FileMaker versions prior to 21.1.7 Description A cross-site scripting XSS issue exists in FileMaker WebDirect custom homepages. Successful exploitation of this issue could allow for unauthorized access and...

6.1CVSS5.1AI score0.00219EPSS
Exploits0References3
Redos
Redos
added 2026/02/24 12:0 a.m.8 views

ROS-20260224-73-0009

A vulnerability in the Apache Common Text library of FileMaker Server is related to improper control of code generation when using interpolation functions. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS6.5AI score0.00919EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

FileMaker Server 安全漏洞

FileMaker Server is an enterprise-level database server software developed by FileMaker Corporation, used for managing and sharing FileMaker databases. Versions of FileMaker Server prior to 22.0.4 and 21.1.7 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripti...

6.1CVSS6AI score0.00219EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 7:0 p.m.8 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

9.8CVSS8.1AI score0.00919EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/17 7:0 p.m.9 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

5.3CVSS6.7AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 6:16 p.m.5 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

9.8CVSS6AI score0.00919EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 6:16 p.m.6 views

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...

5.4CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 6:16 p.m.10 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

9.8CVSS0.00919EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 6:16 p.m.6 views

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...

5.4CVSS5.7AI score0.00142EPSS
Exploits0References1
NVD
NVD
added 2025/12/16 6:16 p.m.9 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

5.3CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 6:16 p.m.5 views

CVE-2025-46294

To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...

5.3CVSS5.7AI score0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 6:7 p.m.5 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

7.8AI score0.00919EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 6:7 p.m.18 views

CVE-2025-46294

The CVE describes a vulnerability in FileMaker Server relating to IIS short filename enumeration (8.3) that could enable information disclosure. Affected: FileMaker Server, prior to/including version 22.0.4; remediation is addressed in 22.0.4 with an option to disable 8.3 name creation. Root caus...

5.3CVSS6.3AI score0.00197EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/16 6:7 p.m.33 views

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...

0.00142EPSS
Exploits0References1
Rows per page
Query Builder