Hyland

All CVEs

33 total · sorted by risk
  • CVE-2025-34153 · Critical · Aug 13, 2025
    risk 0.65 · cvss · epss 0.01

    Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer,…

  • CVE-2026-26221 · Critical · Feb 13, 2026
    risk 0.64 · cvss 9.8 · epss 0.01

    Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 (e.g.,…

  • CVE-2023-31488 · Critical · Jan 10, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a…

  • CVE-2020-25260 · Critical · Sep 11, 2020
    risk 0.64 · cvss 9.8 · epss 0.03

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to execute arbitrary code because of unsafe JSON deserialization.

  • CVE-2020-25259 · Critical · Sep 11, 2020
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses XML deserialization libraries in an unsafe manner.

  • CVE-2020-25258 · Critical · Sep 11, 2020
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It uses ASP.NET BinaryFormatter.Deserialize in a manner that allows attackers to transmit and execute bytecode in SOAP…

  • CVE-2020-25257 · Critical · Sep 11, 2020
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files.

  • CVE-2020-25254 · Critical · Sep 11, 2020
    risk 0.64 · cvss 9.8 · epss 0.02

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by TestConnection_LocalOrLinkedServer, CreateFilterFriendlyView, or…

  • CVE-2020-25253 · Critical · Sep 11, 2020
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.

  • CVE-2023-49964 · High · Dec 11, 2023
    risk 0.60 · cvss 8.8 · epss 0.35

    An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions…

  • CVE-2020-25256 · Critical · Sep 11, 2020
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. PKI certificates have a private key that is the same across different customers' installations.

  • CVE-2020-25251 · Critical · Sep 11, 2020
    risk 0.59 · cvss 9.1 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information.

  • CVE-2021-41790 · High · Oct 21, 2021
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary code inside a sandboxed environment.

  • CVE-2020-25252 · High · Sep 11, 2020
    risk 0.57 · cvss 8.8 · epss 0.01

    An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol…

  • CVE-2018-3851 · High · Apr 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a…

  • CVE-2018-3845 · High · Apr 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.

  • CVE-2018-3844 · High · Apr 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.

  • CVE-2018-3855 · High · Apr 26, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.

  • CVE-2020-25255 · High · Sep 11, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which…

  • CVE-2020-25250 · High · Sep 11, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs.

  • CVE-2020-25248 · High · Sep 11, 2020
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter.

  • CVE-2020-25247 · High · Sep 11, 2020
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory traversal exists for writing to files, as demonstrated by the FileName parameter.

  • CVE-2018-19629 · High · Jul 16, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection.

  • CVE-2024-40347 · Medium · Jul 20, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter htmlid.

  • CVE-2022-23342 · Medium · Jun 21, 2022
    risk 0.35 · cvss 5.3 · epss 0.01

    The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by…

  • CVE-2021-41792 · Medium · Oct 21, 2021
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response to the request…

  • CVE-2021-41791 · Medium · Oct 21, 2021
    risk 0.35 · cvss 5.4 · epss 0.01

    An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that…

  • CVE-2020-25249 · Medium · Sep 11, 2020
    risk 0.35 · cvss 5.3 · epss 0.01

    An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be…

  • CVE-2025-0557 · Medium · Jan 18, 2025
    risk 0.28 · cvss 4.3 · epss 0.01

    A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is…

  • CVE-2026-26339 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.01

    Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve remote code execution through the argument injection vulnerability, which exists in the document processing functionality.

  • CVE-2026-26338 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve server-side request forgery (SSRF) through the document processing functionality.

  • CVE-2026-26337 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Hyland Alfresco Transformation Service allows unauthenticated attackers to achieve both arbitrary file read and server-side request forgery through the absolute path traversal.

  • CVE-2026-26336 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    Hyland Alfresco allows unauthenticated attackers to read arbitrary files from protected directories (like WEB-INF) via the "/share/page/resource/" endpoint, thus leading to the disclosure of sensitive configuration files.