Filemaker
Products
6- 12 CVEs
- 7 CVEs
- 5 CVEs
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1208 | Hig | 0.49 | 7.5 | 0.01 | May 14, 2016 | The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | ||
| CVE-2014-8347 | 0.03 | — | 0.01 | Feb 11, 2020 | An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. | |||
| CVE-2025-46320 | 0.00 | — | 0.00 | Feb 24, 2026 | A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7. | |||
| CVE-2025-46296 | 0.00 | — | 0.00 | Dec 16, 2025 | An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in… | |||
| CVE-2024-27790 | 0.00 | — | 0.00 | Apr 26, 2024 | Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests. | |||
| CVE-2023-42955 | 0.00 | — | 0.00 | Apr 26, 2024 | Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role… | |||
| CVE-2024-27794 | 0.00 | — | 0.00 | Apr 15, 2024 | Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML… | |||
| CVE-2023-42920 | 0.00 | — | 0.00 | Mar 19, 2024 | Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS. | |||
| CVE-2021-44147 | 0.00 | — | 0.01 | Nov 22, 2021 | An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. | |||
| CVE-2014-5322 | 0.00 | — | 0.02 | Sep 22, 2014 | Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix… | |||
| CVE-2014-5321 | 0.00 | — | 0.01 | Sep 22, 2014 | FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect… | |||
| CVE-2013-3640 | 0.00 | — | 0.01 | Jun 10, 2013 | Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-2319 | 0.00 | — | 0.01 | Jun 10, 2013 | FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2007-6104 | 0.00 | — | 0.01 | Nov 23, 2007 | Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2000-0386 | 0.00 | — | 0.01 | May 2, 2000 | FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email. | |||
| CVE-2000-0385 | 0.00 | — | 0.02 | May 2, 2000 | FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities. | |||
| CVE-2000-0123 | 0.00 | — | 0.02 | Feb 1, 2000 | The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields. |
- risk 0.49cvss 7.5epss 0.01
The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.
- CVE-2014-8347Feb 11, 2020risk 0.03cvss —epss 0.01
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
- CVE-2025-46320Feb 24, 2026risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4 and FileMaker Server 21.1.7.
- CVE-2025-46296Dec 16, 2025risk 0.00cvss —epss 0.00
An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in…
- CVE-2024-27790Apr 26, 2024risk 0.00cvss —epss 0.00
Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.
- CVE-2023-42955Apr 26, 2024risk 0.00cvss —epss 0.00
Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role…
- CVE-2024-27794Apr 15, 2024risk 0.00cvss —epss 0.00
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML…
- CVE-2023-42920Mar 19, 2024risk 0.00cvss —epss 0.00
Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.
- CVE-2021-44147Nov 22, 2021risk 0.00cvss —epss 0.01
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
- CVE-2014-5322Sep 22, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix…
- CVE-2014-5321Sep 22, 2014risk 0.00cvss —epss 0.01
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect…
- CVE-2013-3640Jun 10, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-2319Jun 10, 2013risk 0.00cvss —epss 0.01
FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2007-6104Nov 23, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2000-0386May 2, 2000risk 0.00cvss —epss 0.01
FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.
- CVE-2000-0385May 2, 2000risk 0.00cvss —epss 0.02
FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
- CVE-2000-0123Feb 1, 2000risk 0.00cvss —epss 0.02
The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.