523 matches found
PT-2026-29426
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.62.2 Description File Browser's EPUB preview function is susceptible to Stored Cross-Site Scripting XSS. A crafted EPUB file containing JavaScript can execute in a victim's browser when the file is previewed. T...
CVE-2026-34530
creationtimestamp| type| source ---|---|--- 2026-03-28 19:03:19+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xfqj-3vmx-63wv 2026-03-28 19:03:19+00:00| published-proof-of-concept|...
SUSE CVE-2026-32758
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
GO-2026-4711 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser
File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser...
GO-2026-4710 File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser
File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser...
GO-2026-4713 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser...
CVE-2026-32758
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
CVE-2026-32761
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
SUSE CVE-2026-28492
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...
SUSE CVE-2026-29188
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create...
CVE-2026-32758
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-32761
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of FileBrowser 2.61.2 and earlier contain security vulnerabilities. These vulnerabilities stem from pa...
File Browser 访问控制错误漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of FileBrowser 2.61.2 and earlier contained a vulnerability related to access control. This...
File Browser 输入验证错误漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser 2.61.2 and earlier contained a vulnerability related to input validation errors. This...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser 2.61.0 and earlier contain security vulnerabilities. These vulnerabilities stem from...
CVE-2026-32761 File Browser has an Authorization Policy Bypass in its Public Share Download Flow
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...
CVE-2026-32761 File Browser has an Authorization Policy Bypass in its Public Share Download Flow
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges perm.download = false but granted share...