Every CVE whose affected-product data names M-files M-files Web, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-37253 — CVSS 7.5 (high): M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range…
CVE-2021-37254 — CVSS 7.5 (high): In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated…
CVE-2021-41807 — CVSS 7.5 (high): Lack of rate limiting in M-Files Server and M-Files Web products with versions before 21.12.10873.0 in certain type of user accounts allows…
CVE-2025-3087 — CVSS 5.4 (medium): Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts