| CVE ID | DATE ISSUED | TITLE | PRODUCTS |
| CVE-2022-4862 | 3-6-2023 | XSS vulnerability in M-Files Web | M-Files Web before 22.12.12140.3 |
| CVE-2022-3284 | 3-6-2023 | Insecure Way of Passing a Download Key | M-Files New Web before 22.11.12011.0 |
| CVE-2022-4861 | 12-30-2022 | Incorrect Implementation of Authentication Algorithm | M-Files Client before 22.5.11356.0. |
| CVE-2022-4858 | 12-30-2022 | Insertion of Sensitive Information into Log File | M-Files Server before 22.10.11846.0. |
| CVE-2022-4264 | 12-09-2022 | Incorrect Privilege Assignment | M-Files Web Classic version before 22.8.11691.0. |
| CVE-2022-4270 | 12-02-2022 | Incorrect Privilege Assignment | All M-Files Web Classic versions before 22.5.11436.1. All M-Files Web vNext versions before 22.5.11436.1. |
| CVE-2022-1606 | 11-30-2022 | Incorrect Privilege Assignment | All M-Files Server versions before 22.3.111.64.0 and before 22.3.11237.1. |
| CVE-2022-1911 | 11-30-2022 | Information Disclosure in M-Files Server | All M-Files Server versions before 22.3.111.64.0 and before 22.3.11237.1. |
| CVE-2022-3602 & CVE-2022-3786 | 11-01-2022 | OpenSSL 3.x Vulnerability and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
| CVE-2022-39019 | 08-20-2022 | Lack of authorization check on rendered images from pdftron | All Hubshare versions before 3.3.10.8 |
| CVE-2022-39018 | 08-20-2022 | Pdftron lack of authorization check | All Hubshare versions before 3.3.10.8 |
| CVE-2022-39017 | 08-20-2022 | Cross Site Scripting (XSS) from comment areas | All Hubshare versions before 3.3.10.8 |
| CVE-2022-39016 | 08-20-2022 | Cross Site Scripting (XSS) | All Hubshare versions before 3.3.10.8 |
| CVE-2022-26809 | 04-16-2022 | Remote Procedure Call Runtime Remote Code Execution Vulnerability and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
| CVE-2022-22965 | 04-01-2022 | Spring Framework RCE and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
| CVE ID | DATE ISSUED | TITLE | PRODUCTS |
| CVE-2021-41809 | 01-17-2022 | SSRF Vulnerability | M-Files Server version before 22.1.11017.1 |
| CVE-2021-41808 | 01-17-2022 | Information disclosure | M-Files Server version before 21.11.10775.0 |
| CVE-2021-41807 | 01-17-2022 | Lack of rate-limiting | M-Files Server version before 21.12.10873.0 M-Files Web version before 21.12.10873.0 |
| CVE-2021-44228 | 12-14-2021 | Log4j and M-Files | M-Files Server/Desktop/Classic Web/VNEXT/Mobile |
| CVE-2021-37253 | 12-03-2021 | Denial of Service | M-Files Classic Web |
| CVE-2021-37254 | 10-27-2021 | Information Disclosure Vulnerability | M-Files Web |
M-Files takes software vulnerabilities seriously. If you have identified a potential security vulnerability, be in touch.
M-Files celebrates those who help us identify and correct security vulnerabilities across all M-Files products.