cbcvebase.

Soliton Filezen vulnerabilities

5 known vulnerabilities affecting soliton/filezen.

Total CVEs
5
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH3

Vulnerabilities

Page 1 of 1
CVE-2026-25108P1HIGHCVSS 8.8KEV≥ 4.2.1, < 5.0.112026-02-13
CVE-2026-25108 [HIGH] CWE-78 CVE-2026-25108: FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabl FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
nvd
CVE-2021-20655P1HIGHCVSS 7.2ExploitedRansomware≥ 3.0.0, ≤ 4.2.7≥ 5.0.0, ≤ 5.0.22021-02-17
CVE-2021-20655 [HIGH] CWE-78 CVE-2021-20655: FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights t FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
nvd
CVE-2020-5639P2CRITICALCVSS 9.8≥ 3.0.0, ≤ 4.2.22020-12-14
CVE-2020-5639 [CRITICAL] CWE-22 CVE-2020-5639: Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors. As a result, an arbitrary OS command may be executed.
nvd
CVE-2018-0694P2CRITICALCVSS 9.8≥ 3.0.0, ≤ 4.2.12018-11-15
CVE-2018-0694 [CRITICAL] CWE-78 CVE-2018-0694: FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified ve FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
nvd
CVE-2018-0693P3HIGHCVSS 7.5≥ 3.0.0, ≤ 4.2.12018-11-15
CVE-2018-0693 [HIGH] CWE-22 CVE-2018-0693: Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an a Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows remote attackers to upload an arbitrary file in the specific directory in FileZen via unspecified vectors.
nvd
Soliton Filezen vulnerabilities | cvebase