Medium
CVSS: 6.9
Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary…
Medium
CVSS: 6.9
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
Medium
CVSS: 5.6
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
Medium
CVSS: 5.3
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
High
CVSS: 7.1
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
High
CVSS: 8.4
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server.
Medium
CVSS: 6.3
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
Medium
CVSS: 5.9
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
Medium
CVSS: 6.3
Denial of service condition in M-Files Server in versions before
25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
Medium
CVSS: 4.6
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords