31 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation • https://product.m-files.com/security-advisories/cve-2024-9333 • CWE-281: Improper Preservation of Permissions •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI • https://product.m-files.com/security-advisories/cve-2024-9174 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows authenticated user to read files Un problema de path traversal en el endpoint de API en M-Files Server anterior a la versión 24.8.13981.0 permite que un usuario autenticado lea archivos A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files • https://product.m-files.com/security-advisories/cve-2024-6789 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources. La condición de denegación de servicio en M-Files Server en versiones anteriores a 24.4.13592.4 y posteriores a 23.11 (excluyendo 24.2 LTS) permite a usuarios no autenticados consumir recursos informáticos. • https://www.m-files.com/about/trust-center/security-advisories/cve-2024-4056 https://product.m-files.com/security-advisories/cve-2024-4056 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period. • https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479 https://product.m-files.com/security-advisories/cve-2023-4479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •