FileZen
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5639 | Cri | 0.64 | 9.8 | 0.05 | Dec 14, 2020 | Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed. | ||
| CVE-2018-0694 | Cri | 0.64 | 9.8 | 0.02 | Nov 15, 2018 | FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2024-8058 | Hig | 0.49 | 7.6 | 0.00 | Dec 16, 2024 | An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. | ||
| CVE-2018-0693 | Hig | 0.49 | 7.5 | 0.02 | Nov 15, 2018 | Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors. | ||
| CVE-2021-20655 | Hig | 0.47 | 7.2 | 0.04 | Feb 17, 2021 | FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2025-6249 | Med | 0.44 | 6.7 | 0.00 | Jul 17, 2025 | An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data. | ||
| CVE-2025-2070 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user. | ||
| CVE-2025-2069 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user. | ||
| CVE-2025-2068 | Med | 0.33 | 5.0 | 0.00 | Apr 25, 2025 | An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. | ||
| CVE-2026-25108 | 0.13 | — | 0.05 | KEV | Feb 13, 2026 | FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. |
- risk 0.64cvss 9.8epss 0.05
Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.
- risk 0.64cvss 9.8epss 0.02
FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.49cvss 7.6epss 0.00
An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.
- risk 0.47cvss 7.2epss 0.04
FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
- risk 0.44cvss 6.7epss 0.00
An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.
- risk 0.33cvss 5.0epss 0.00
An improper XML parsing vulnerability was reported in the FileZ client that could allow arbitrary file reads on the system if a crafted url is visited by a local user.
- risk 0.33cvss 5.0epss 0.00
A cross-site scripting vulnerability was reported in the FileZ client that could allow execution of code if a crafted url is visited by a local user.
- risk 0.33cvss 5.0epss 0.00
An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user.
- risk 0.13cvss —epss 0.05
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.