CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1935 matches found

Vulnrichment•added 2026/03/03 10:28 p.m.•2 views

CVE-2026-3266 Improper access control vulnerability has been discovered in OpenText™ Filr.

Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects Filr: through 25.1.2...

8.3CVSS5.9AI score0.00219EPSS

Exploits0References1

CVE•added 2026/03/03 10:28 p.m.•7 views

CVE-2026-3266

CVE-2026-3266 : In OpenText Filr (up to version 25.1.2), a Missing Authorization vulnerability enables an Authentication Bypass . An unauthenticated attacker could obtain an XSRF token and execute RPCs via crafted programs. The connected documents confirm the issue and affected scope but do not p...

9.8CVSS5.9AI score0.00219EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/03 10:28 p.m.•16 views

CVE-2026-3266 Improper access control vulnerability has been discovered in OpenText™ Filr.

8.3CVSS0.00219EPSS

Exploits0References1

CNNVD•added 2026/03/03 12:0 a.m.•1 views

OpenText Filr 安全漏洞

OpenText Filr is a file sharing and synchronization solution provided by OpenText Corporation in Canada. Versions of OpenText Filr prior to 25.1.2 have a security vulnerability caused by lack of authorization. This vulnerability allows unauthenticated users to obtain XSRF tokens and make RPC call...

9.8CVSS5.8AI score0.00219EPSS

Exploits0References1

Positive Technologies•added 2026/03/03 12:0 a.m.•1 views

PT-2026-22842

Name of the Vulnerable Software and Affected Versions OpenText Filr versions through 25.1.2 Description A missing authorization issue exists in OpenText Filr that allows authentication bypass. This could allow unauthenticated users to obtain an XSRF token and perform Remote Procedure Calls RPC...

8.3CVSS5.9AI score0.00219EPSS

Exploits0References6

RedhatCVE•added 2026/02/25 4:6 a.m.•2 views

CVE-2025-9120

Improper Control of Generation of Code 'Code Injection' vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially allowing unauthorized access. This issue affects Carbonite Safe Server Backup: through 6.8....

8.6CVSS5.5AI score0.00039EPSS

Exploits0References1

NVD•added 2026/02/24 1:16 a.m.•4 views

CVE-2025-9120

8.6CVSS0.00039EPSS

Exploits0References1

Vulnrichment•added 2026/02/24 12:3 a.m.•2 views

CVE-2025-9120 RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.

8.6CVSS5.4AI score0.00039EPSS

Exploits0References1

CVE•added 2026/02/24 12:3 a.m.•10 views

CVE-2025-9120

CVE-2025-9120 : OpenText Carbonite Safe Server Backup is affected up to version 6.8.3 by an improper generation of code vulnerability (code injection). The issue can be exploited via an open port to potentially gain unauthorized access, with a CVSSv4.0 base score of 8.6 (HIGH) and local attack Ve...

8.6CVSS5.5AI score0.00039EPSS

Exploits0References1

Cvelist•added 2026/02/24 12:3 a.m.•18 views

CVE-2025-9120 RCE vulnerability has been discovered in OpenText™ Carbonite Safe Server Backup.

8.6CVSS0.00039EPSS

Exploits0References1

CNNVD•added 2026/02/24 12:0 a.m.•4 views

OpenText Carbonite Safe Server Backup 代码注入漏洞

OpenText Carbonite Safe Server Backup is a hybrid cloud backup software developed by OpenText Corporation in Canada. Versions of OpenText Carbonite Safe Server Backup 6.8.3 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper code generation controls, whi...

8.6CVSS5.9AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:30 a.m.•3 views

CVE-2025-13671

Cross-Site Request Forgery CSRF vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click on a page that contains this malicious HTML triggering to perform changes unconsciously. This...

6.5CVSS5.5AI score0.00007EPSS

Exploits1References1

RedhatCVE•added 2026/02/21 1:30 a.m.•5 views

CVE-2026-1658

User Interface UI Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...

5.3CVSS5.5AI score0.00013EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:30 a.m.•3 views

CVE-2025-8055

Server-Side Request Forgery SSRF vulnerability in OpenText™ XM Fax allows Server Side Request Forgery. The vulnerability could allow an attacker to perform blind SSRF to other systems accessible from the XM Fax server. This issue affects XM Fax: 24.2...

5.3CVSS5.5AI score0.00044EPSS

Exploits0References1

RedhatCVE•added 2026/02/21 1:28 a.m.•2 views

CVE-2025-9208

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts on the client side when the download query parameter is removed from the file URL,...

7.5CVSS5.5AI score0.00014EPSS

Exploits1References1

RedhatCVE•added 2026/02/21 1:28 a.m.•2 views

CVE-2025-8054

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2...

7.5CVSS5.5AI score0.00068EPSS

Exploits0References1