65 matches found
EUVD-2026-42652
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...
CVE-2026-43752
An authenticated administrator may be able to achieve arbitrary code execution on the host system by uploading a malicious file through the Open Source LLM setup feature in the Admin Console. This vulnerability has been addressed in FileMaker Server 26.0.1...
CVE-2026-43752
The CVE-2026-43752 entry concerns FileMaker Server: an authenticated administrator can upload a malicious file via the Admin Console’s Open Source LLM setup feature to achieve arbitrary code execution on the host. The root cause is the file upload path in the LLM setup flow that allows code execu...
CVE-2025-46320
A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...
CVE-2025-46320
A cross-site scripting XSS vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7...
CVE-2025-46320
CVE-2025-46320 describes a cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage that could lead to unauthorized access and remote code execution. The issue has been patched in FileMaker Server releases 22.0.4 and 21.1.7. Affected component is the WebDirect custom home...
ROS-20260224-73-0009
A vulnerability in the Apache Common Text library of FileMaker Server is related to improper control of code generation when using interpolation functions. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
FileMaker Server 安全漏洞
FileMaker Server is an enterprise-level database server software developed by FileMaker Corporation, used for managing and sharing FileMaker databases. Versions of FileMaker Server prior to 22.0.4 and 21.1.7 contained security vulnerabilities. These vulnerabilities stemmed from cross-site scripti...
PT-2026-21797
Name of the Vulnerable Software and Affected Versions FileMaker versions prior to 22.0.4 FileMaker versions prior to 21.1.7 Description A cross-site scripting XSS issue exists in FileMaker WebDirect custom homepages. Successful exploitation of this issue could allow for unauthorized access and...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...
CVE-2025-46294
To enhance security, the FileMaker Server 22.0.4 installer now includes an option to disable IIS short filename enumeration by setting NtfsDisable8dot3NameCreation in the Windows registry. This prevents attackers from using the tilde character to discover hidden files and directories. This...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...
CVE-2025-46295
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...
CVE-2025-46294
The CVE describes a vulnerability in FileMaker Server relating to IIS short filename enumeration (8.3) that could enable information disclosure. Affected: FileMaker Server, prior to/including version 22.0.4; remediation is addressed in 22.0.4 with an option to disable 8.3 name creation. Root caus...
CVE-2025-46296
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...