177 matches found
CVE-2025-46320
A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...
CVE-2025-46320
A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...
CVE-2025-46320
A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...
ROS-20260224-73-0009
A vulnerability in the Apache Common Text library of FileMaker Server is related to improper control of code generation when using interpolation functions. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
FileMaker Server 安全漏洞
FileMaker Server is an enterprise-level database server software developed by FileMaker Corporation, used for managing and sharing FileMaker databases. Versions of FileMaker Server prior to 22.0.4 and 21.1.7 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripti...
PT-2026-21797
Name of the Vulnerable Software and Affected Versions FileMaker versions prior to 22.0.4 FileMaker versions prior to 21.1.7 Description A cross-site scripting XSS issue exists in FileMaker WebDirect custom homepages. Successful exploitation of this issue could allow for unauthorized access and...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
CVE-2025-46296
CVE-2025-46296 describes an authorization bypass in the FileMaker Server Admin Console that let administrator roles with minimal privileges access administrative features (e.g., viewing license details and downloading application logs). The root cause is insufficient privilege checks as stated in...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46294
The CVE describes a vulnerability in FileMaker Server relating to IIS short filename enumeration (8.3) that could enable information disclosure. Affected: FileMaker Server, prior to/including version 22.0.4; remediation is addressed in 22.0.4 with an option to disable 8.3 name creation. Root caus...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...