📦 M-Files Server

by M-Files


🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-10127

CRITICAL CVSS 9.8 Nov 20, 2024

This vulnerability allows attackers to bypass authentication in M-Files servers when configured with vulnerable OpenLDAP setups. It enables unauthorized access without valid credentials by exploiting ...

CVE-2025-0635

HIGH CVSS 7.5 Jan 23, 2025

CVE-2025-0635 is a denial-of-service vulnerability in M-Files Server that allows unauthenticated attackers to consume computing resources, potentially making the server unresponsive. This affects orga...

CVE-2024-4056

HIGH CVSS 7.5 Apr 26, 2024

CVE-2024-4056 is a denial-of-service vulnerability in M-Files Server that allows unauthenticated attackers to consume computing resources, potentially making the server unavailable. This affects M-Fil...

CVE-2023-6912

HIGH CVSS 7.5 Dec 20, 2023

M-Files Server versions before 23.12.13205.0 lack brute force protection, allowing attackers unlimited authentication attempts to guess user passwords. This affects all organizations using vulnerable ...

CVE-2023-0383

HIGH CVSS 7.5 Apr 20, 2023

This vulnerability in M-Files Server allows attackers to cause denial of service through uncontrolled memory consumption. By sending specially crafted user-controlled operations, attackers can exhaust...

CVE-2021-41807

HIGH CVSS 7.5 Jan 18, 2022

This vulnerability allows attackers to perform unlimited login attempts against certain M-Files user accounts, enabling brute-force attacks to guess passwords. It affects M-Files Server and M-Files We...

CVE-2026-0663

MEDIUM CVSS 4.9 Jan 21, 2026

This vulnerability allows authenticated attackers with vault administrator privileges to crash M-Files Server by calling a vulnerable API endpoint, causing denial of service. It affects M-Files Server...

CVE-2025-14267

MEDIUM CVSS 4.9 Dec 19, 2025

This vulnerability in M-Files Server allows sensitive information to be exposed due to incomplete data removal before transfer. It affects organizations using M-Files Server versions before 25.12.1549...

CVE-2025-14318

MEDIUM CVSS 4.3 Dec 18, 2025

M-Files Server versions before 25.12.15491.7 have an improper access control vulnerability that allows authenticated users to download files through M-Files Web using Web Companion even when the Print...

CVE-2025-11681

MEDIUM CVSS 6.5 Nov 17, 2025

An authenticated user can cause a denial-of-service by crashing the MFserver process in vulnerable M-Files Server versions. This affects organizations using M-Files Server before the patched versions,...

CVE-2025-0648

MEDIUM CVSS 4.9 Jan 23, 2025

A configuration change vulnerability in M-Files Server's database driver allows highly privileged attackers to cause unexpected server crashes, leading to denial of service. This affects M-Files Serve...

CVE-2024-10126

MEDIUM CVSS 4.3 Nov 20, 2024

This CVE describes a Local File Inclusion vulnerability in M-Files Server that allows authenticated users to read server local files of limited filetypes via the document preview feature. It affects M...

CVE-2022-4862

MEDIUM CVSS 5.0 Mar 6, 2023

This vulnerability allows authenticated users to inject HTML content that gets rendered in other users' browsers in M-Files Web, potentially enabling cross-site scripting attacks. It affects all M-Fil...

CVE-2022-4858

MEDIUM CVSS 4.4 Dec 30, 2022

M-Files Server versions before 22.10.11846.0 can log sensitive authentication tokens to log files when specific configurations are enabled. This vulnerability allows attackers with access to log files...

CVE-2022-1911

MEDIUM CVSS 5.3 Nov 30, 2022

CVE-2022-1911 is an information disclosure vulnerability in M-Files Server where an error in the parser function allows unauthenticated attackers to access some operating system information. This affe...

CVE-2023-2112

LOW CVSS 3.6 Apr 20, 2023

This vulnerability in M-Files Desktop component service allows an authenticated user in one session to move laterally to another user's session, potentially accessing unauthorized data or performing a...

CVE-2021-41809

LOW CVSS 3.5 Jan 18, 2022

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in M-Files Server products. It allows attackers to make unauthorized queries from the server when previewing certain document type...