Total: 336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14318 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.3 MEDIUM |
|
Improper access checks in M-Files Server before 25.12.15491.7 allow users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.
|
|||||
| CVE-2025-14267 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.9 MEDIUM |
|
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7
|
|||||
| CVE-2025-13008 | | | 2026-02-23 | N/A | N/A |
|
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.
|
|||||
| CVE-2025-11681 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 6.5 MEDIUM |
|
Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash.
|
|||||
| CVE-2025-0648 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.9 MEDIUM |
|
Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 and before 24.8 LTS SR3 allows a highly privileged attacker to cause denial of service via configuration change.
|
|||||
| CVE-2025-0635 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 7.5 HIGH |
|
Denial of service condition in M-Files Server in versions before 25.1.14445.5 allows an unauthenticated user to consume computing resources in certain conditions.
|
|||||
| CVE-2025-0619 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.9 MEDIUM |
|
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords
|
|||||
| CVE-2024-9333 | | | 2026-02-23 | N/A | N/A |
|
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
|
|||||
| CVE-2024-9174 | 1 M-files | 1 Hubshare | 2026-02-23 | N/A | 5.4 MEDIUM |
|
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
|
|||||
| CVE-2024-6881 | 1 M-files | 1 Hubshare | 2026-02-23 | N/A | 5.4 MEDIUM |
|
Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session
|
|||||
| CVE-2024-6789 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 6.5 MEDIUM |
|
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 and LTS 24.2.13421.15 SR2 and LTS 23.8.12892.0 SR6 allows authenticated user to read files
|
|||||
| CVE-2024-6124 | 1 M-files | 1 Hubshare | 2026-02-23 | N/A | 5.4 MEDIUM |
|
Reflected XSS in M-Files Hubshare before version 5.0.6.0 allows an attacker to execute arbitrary JavaScript code in the context of the victim's browser session
|
|||||
| CVE-2024-5142 | 1 M-files | 1 Hubshare | 2026-02-23 | N/A | 5.4 MEDIUM |
|
Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.6.0 allows authenticated attacker to run scripts in other users' browsers
|
|||||
| CVE-2024-4056 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 7.5 HIGH |
|
Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing resources.
|
|||||
| CVE-2024-11176 | | | 2026-02-23 | N/A | N/A |
|
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions.
|
|||||
| CVE-2024-10127 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 9.8 CRITICAL |
|
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration.
|
|||||
| CVE-2024-10126 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.3 MEDIUM |
|
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview.
|
|||||
| CVE-2024-0563 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 4.3 MEDIUM |
|
Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.
|
|||||
| CVE-2023-6912 | 1 M-files | 1 M-files Server | 2026-02-23 | N/A | 7.5 HIGH |
|
Lack of protection against brute force attacks in M-Files Server before 23.12.13205.0 allows an attacker unlimited authentication attempts, potentially compromising targeted M-Files user accounts by guessing passwords.
|
|||||
| CVE-2026-2171 | 1 Fabian | 1 Online Student Management System | 2026-02-23 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2026-1895 | 1 Wekan Project | 1 Wekan | 2026-02-23 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. Upgrading to version 8.21 is able to address this issue. This patch is called 8c0b4f79d8582932528ec2fdf2a4487c86770fb9. It is recommended to upgrade the affected component.
|
|||||
| CVE-2026-1684 | 1 Free5gc | 1 Free5gc | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implement a patch to correct this issue.
|
|||||
| CVE-2026-1683 | 1 Free5gc | 1 Free5gc | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. To fix this issue, it is recommended to deploy a patch.
|
|||||
| CVE-2026-1682 | 1 Free5gc | 1 Free5gc | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been published and may be used. A patch should be applied to remediate this issue.
|
|||||
| CVE-2026-1587 | 1 Open5gs | 1 Open5gs | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue. The issue report is flagged as already-fixed.
|
|||||
| CVE-2026-1586 | 1 Open5gs | 1 Open5gs | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is advisable to implement a patch to correct this issue. The issue report is flagged as already-fixed.
|
|||||
| CVE-2026-1522 | 1 Open5gs | 1 Open5gs | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. This patch is called b19cf6a. Applying a patch is advised to resolve this issue. The issue report is flagged as already-fixed.
|
|||||
| CVE-2026-1521 | 1 Open5gs | 1 Open5gs | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The patch is named 69b53add90a9479d7960b822fc60601d659c328b. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2026-1425 | | | 2026-02-23 | 5.1 MEDIUM | 5.6 MEDIUM |
|
A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The patch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a p ...
|
|||||
| CVE-2026-1418 | 1 Gpac | 1 Gpac | 2026-02-23 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The name of the patch is 10c73b82cf0e367383d091db38566a0e4fe71772. It is best practice to apply a patch to resolve this issue.
|
|||||
| CVE-2026-1417 | 1 Gpac | 1 Gpac | 2026-02-23 | 1.7 LOW | 3.3 LOW |
|
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: f96bd57c3ccdcde4335a0be28cd3e8fe296993de. Applying a patch is the recommended action to fix this issue.
|
|||||
| CVE-2026-1416 | 1 Gpac | 1 Gpac | 2026-02-23 | 1.7 LOW | 3.3 LOW |
|
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as d45c264c20addf0c1cc05124ede33f8ffa800e68. It is advisable to implement a patch to correct this issue.
|
|||||
| CVE-2026-1415 | 1 Gpac | 1 Gpac | 2026-02-23 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer dereference. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is af951b892dfbaaa38336ba2eba6d6a42c25810fd. To fix this issue, it is recommended to deploy a patch.
|
|||||
| CVE-2026-1174 | 1 Birkir | 1 Prime | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-1173 | 1 Birkir | 1 Prime | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-1172 | 1 Birkir | 1 Prime | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-1171 | 1 Birkir | 1 Prime | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-1170 | 1 Birkir | 1 Prime | 2026-02-23 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-1169 | 1 Birkir | 1 Prime | 2026-02-23 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-1145 | 1 Quickjs-ng | 1 Quickjs | 2026-02-23 | 7.5 HIGH | 6.3 MEDIUM |
|
A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.
|
|||||