90 matches found
CVE-2025-13008
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users...
CVE-2025-13008
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users...
CVE-2025-13008
CVE-2025-13008 describes an information-disclosure vulnerability in M-Files Server where an authenticated attacker using M-Files Web can capture session tokens of other active users. Affected versions include prior to 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3, and 24.8 LTS SR5. The root cause is ...
CVE-2025-13008 Session Token Disclosure in M-Files Web
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users...
CVE-2025-13008 Session Token Disclosure in M-Files Web
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users...
EUVD-2025-204468
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users...
PT-2025-52417
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 25.12.15491.7 M-Files Server versions 25.8 LTS SR3, 25.2 LTS SR3, and 24.8 LTS SR5 Description An information disclosure issue exists in M-Files Server that could allow an authenticated attacker using M-Files W...
M-Files Server 安全漏洞
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server that originates from an authenticated attacker being able to capture session tokens of other active users via M-Files Web. The following versions are affected: versions prior to...
CVE-2025-14318
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled...
CVE-2025-14318 Improper access validation in M-Files Server
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled...
PT-2025-52000
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 25.12 Description A flaw exists in M-Files Server that allows users to download files through M-Files Web using Web Companion, even when the Print and Download Prevention module is enabled. This is due to...
EUVD-2021-23826
Malware in sbrugna...
EUVD-2023-54334
Malicious code in bioql PyPI...
EUVD-2022-52128
Malicious code in bioql PyPI...
EUVD-2022-51626
Malicious code in bioql PyPI...
EUVD-2023-57836
Malicious code in bioql PyPI...
EUVD-2025-9679
Malicious code in bioql PyPI...
CVE-2022-4862
Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3...
CVE-2021-37253
M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges in HTTP requests with crafted Range or Request-Range headers. NOTE: this is disputed because the range behavior is the responsibility of the web server, not the responsibility of the individual web application...
CVE-2021-37254
In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server...