295 matches found
EUVD-2025-18348
Malicious code in bioql PyPI...
EUVD-2021-28813
Malicious code in bioql PyPI...
EUVD-2023-12443
Malicious code in bioql PyPI...
CVE-2025-5964
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...
The vulnerability of the M-Files Server platform’s interface allows a perpetrator to read arbitrary files.
The vulnerability of the M-Files Server platform’s automation interface is related to incorrect restrictions on the path name to the restricted catalog during the processing of the final point. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
CVE-2025-5964
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...
CVE-2025-5964
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...
M-Files Server 安全漏洞
M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 25.6.14925.0 that stems from a path traversal issue in the API endpoint that could result in reading server files...
PT-2025-25504 · M Files · M-Files Server
Name of the Vulnerable Software and Affected Versions: M-Files Server versions prior to 25.6.14925.0 Description: A path traversal issue in the API endpoint in M-Files Server allows an authenticated user to read files in the server. Recommendations: For versions prior to 25.6.14925.0, update to...
CVE-2025-0619
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords...
CVE-2025-0635
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions...
CVE-2024-0563
Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...
CVE-2024-10127
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration...
CVE-2024-10126
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7 allows an authenticated user to read server local files of a limited set of filetypes via document preview...
CVE-2023-3425
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory...
CVE-2023-0383
User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption...
CVE-2023-6910
A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Authenticated attacker can exhaust server storage space to a point where the server can no longer serve requests...
CVE-2023-6912
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords...
CVE-2025-3086
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service...
CVE-2025-2159
Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...