12 matches found
CVE-2026-35605
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. ...
CVE-2026-35605 File Browser has an access rule bypass via HasPrefix without trailing separator in path matching
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the Matches function in rules/rules.go uses strings.HasPrefix without a trailing directory separator when matching paths against access rules. ...
CVE-2026-35605
creationtimestamp| type| source
---|---|---
2026-04-04 20:31:18+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5q48-q4fm-g3m6
2026-04-09 17:22:32+00:00| published-proof-of-concept| Telegram/vilnQ64f45V0K93eyMbGXUSRwitUexdwMg6sdyLUCQzylsw...
Ubuntu: Security Advisory (USN-5659-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5659-1: kitty vulnerabilities
Stephane Chauveau discovered that kitty incorrectly handled image filenames with special characters in error messages. A remote attacker could possibly use this to execute arbitrary commands. This issue only affected Ubuntu 20.04 LTS. CVE-2020-35605 Carter Sande discovered that kitty incorrectly...
CVE-2022-35605
A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc...
openSUSE: Security Advisory for kitty (openSUSE-SU-2021:0025-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for kitty (important)
openSUSE Security Update: Security update for kitty Announcement ID: openSUSE-SU-2021:0025-1 Rating: important References: 1180298 Cross-References: CVE-2020-35605 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for kitty fix...
Debian DSA-4819-1 : kitty - security update
Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat. C Tenable Network Security,...
[SECURITY] [DSA 4819-1] kitty security update
Debian Security Advisory DSA-4819-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 26, 2020 https://www.debian.org/security/faq -...
CVE-2020-35605
creationtimestamp| type| source
---|---|---
2020-12-21 22:52:15+00:00| seen| https://t.me/cibsecurity/21138...
CVE-2020-35605
The CVE-2020-35605 vulnerability affects the Kitty terminal emulator (graphics protocol handling) where a filename containing special characters in an error message could enable remote code execution. Affected component is Kitty’s graphics protocol implementation; root cause is inadequate sanitis...