Michael Newton

#6870of 53,632
39.5Total CVSS
Vulnerabilities · 5
Medium
1
High
4
PT-2025-28899
6.8
2025-07-09
Connectwise · Connectwise Psa · CVE-2025-7204
Name of the Vulnerable Software and Affected Versions: ConnectWise PSA versions prior to 2025.9 Description: A vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests return an overly verbose user object, which includes encrypted password hashes for other users. An attacker or privileged user could use these exposed hashes to conduct offline brute-force or dictionary attacks, potentially leading to credential compromise and privilege escalation within the system. Recommendations: Update ConnectWise PSA to version 2025.9 or later.
PT-2022-24672
8.8
2022-10-31
M Files · M-Files Hubshare · CVE-2022-39016
**Name of the Vulnerable Software and Affected Versions** M-Files Hubshare versions prior to 3.3.10.9 **Description** The issue allows authenticated attackers to perform an account takeover via a crafted PDF upload, exploiting a Javascript injection in PDFtron. **Recommendations** For versions prior to 3.3.10.9, update to version 3.3.10.9 or later to resolve the issue.
PT-2022-24673
8.2
2022-10-31
M Files · M-Files Hubshare · CVE-2022-39017
**Name of the Vulnerable Software and Affected Versions** M-Files Hubshare versions prior to 3.3.10.9 **Description** The issue is related to improper input validation and output encoding in comments fields, allowing authenticated attackers to introduce cross-site scripting attacks via specially crafted comments. **Recommendations** For versions prior to 3.3.10.9, update to version 3.3.10.9 or later to resolve the issue. As a temporary workaround, consider restricting access to comments fields until the update is applied.
PT-2022-24674
8.2
2022-10-31
M Files · M-Files Hubshare · CVE-2022-39018
**Name of the Vulnerable Software and Affected Versions** M-Files Hubshare versions prior to 3.3.11.3 **Description** The issue concerns broken access controls on PDFtron data, allowing unauthenticated attackers to access restricted PDF files via a known URL. **Recommendations** For versions prior to 3.3.11.3, update to version 3.3.11.3 or later to resolve the issue.
PT-2022-24675
7.5
2022-10-31
M Files · M-Files Hubshare · CVE-2022-39019
**Name of the Vulnerable Software and Affected Versions** M-Files Hubshare versions prior to 3.3.11.3 **Description** The issue concerns broken access controls on PDFtron WebviewerUI in M-Files Hubshare, allowing unauthenticated attackers to upload malicious files to the application server. **Recommendations** For versions prior to 3.3.11.3, update to version 3.3.11.3 or later to resolve the issue.