CVE Daily – FileMaker Platform (High+Critical)

[High] CVE-2026-43685 – A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user w...

Tue, 12 May 2026 23:16:17 +0000

High CVE-2026-43685

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5.

CVSS: 7.2 · CWE: CWE-78

View on NVD

[High] CVE-2026-43680 – A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user w...

Tue, 12 May 2026 23:16:17 +0000

High CVE-2026-43680

A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5.

CVSS: 7.2 · CWE: CWE-94

View on NVD

[Critical] CVE-2025-46295 – Apache Commons Text versions prior to 1.10.0 included interpolation features tha...

Tue, 16 Dec 2025 18:16:12 +0000

Critical CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Serv…

CVSS: 9.8 · CWE: CWE-94

View on NVD

[High] CVE-2024-27790 – Claris International has resolved an issue of potentially allowing unauthorized ...

Tue, 14 May 2024 15:13:01 +0000

High CVE-2024-27790

Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests.

CVSS: 7.5 · CWE: CWE-284

View on NVD

[High] CVE-2023-42920 – Claris International has fixed a dylib hijacking vulnerability in the FileMaker ...

Tue, 19 Mar 2024 17:15:08 +0000

High CVE-2023-42920

Claris International has fixed a dylib hijacking vulnerability in the FileMaker Pro.app and Claris Pro.app versions on macOS.

CVSS: 7.8 · CWE: CWE-427

View on NVD

[High] CVE-2014-8347 – An Authentication Bypass vulnerability exists in the MatchPasswordData function ...

Tue, 11 Feb 2020 14:15:17 +0000

High CVE-2014-8347

An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.

CVSS: 7.8 · CWE: CWE-287

View on NVD

[High] CVE-2016-1208 – The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to r...

Sat, 14 May 2016 15:59:01 +0000

High CVE-2016-1208

The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors.

CVSS: 7.5 · CWE: CWE-200

View on NVD

[High] CVE-2000-0386 – FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forge...

Tue, 02 May 2000 04:00:00 +0000

High CVE-2000-0386

FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.

CVSS: 7.5 · CWE: N/A

View on NVD

[High] CVE-2000-0123 – The shopping cart application provided with Filemaker allows remote users to mod...

Tue, 01 Feb 2000 05:00:00 +0000

High CVE-2000-0123

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

CVSS: 7.5 · CWE: N/A

View on NVD