Browse all 13 CVE security advisories affecting MaxFoundry. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
MaxFoundry develops enterprise software solutions for content management and digital experience platforms. Historically, their products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for their 13 recorded CVEs. Notable security characteristics include exposure in web applications and APIs, with several critical RCE vulnerabilities allowing unauthorized system access. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in their software stack suggests a need for robust security validation and patch management processes for organizations utilizing their platforms.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-2312 | Media Library Folders <= 8.3.6 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Attachment Deletion and Rename | Media Library Folders | CWE-862 | 4.3 | Medium | 2026-02-14 |
| CVE-2025-0935 | Media Library Folders <= 8.3.0 - Missing Authorization to Plugin Settings Change | Media Library Folders | CWE-862 | 4.3 | Medium | 2025-02-15 |
| CVE-2024-7858 | Media Library Folders <= 8.2.3 - Missing Authorization on Various Functions | Media Library Folders | CWE-862 | 6.3 | Medium | 2024-08-30 |
| CVE-2024-7857 | Media Library Folders <= 8.2.2 - Authenticated (Subscriber+) Second-Order SQL Injection | Media Library Folders | CWE-89 | 6.5 | Medium | 2024-08-29 |
| CVE-2024-3615 | Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's' | Media Library Folders | CWE-79 | 6.1 | Medium | 2024-04-19 |
This page lists every published CVE security advisory associated with MaxFoundry. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.