CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

523 matches found

Vulnrichment•added 2026/03/05 9:6 p.m.•3 views

CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

7.1CVSS5.7AI score0.00322EPSS

Exploits1References3

ATTACKERKB•added 2026/03/05 9:6 p.m.•5 views

CVE-2026-28492

7.1CVSS5.8AI score0.00322EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/03/05 9:6 p.m.•30 views

CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory

7.1CVSS0.00322EPSS

Exploits1References3

CVE•added 2026/03/05 9:6 p.m.•24 views

CVE-2026-28492

File Browser CVE-2026-28492 affects the File Browser file-management interface. Before v2.61.0, the withHashFile middleware uses filepath.Dir(link.Path) to determine BasePathFs, causing the filesystem root to be set to the parent directory of a public share rather than the share itself. This allo...

7.1CVSS5.8AI score0.00322EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/05 9:6 p.m.•5 views

CVE-2026-28492 File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory

7.1CVSS5.7AI score0.00322EPSS

Exploits1References5

CVE•added 2026/03/05 8:57 p.m.•19 views

CVE-2026-29188

CVE-2026-29188 concerns File Browser’s TUS protocol DELETE endpoint, where prior to v2.61.1 broken access control allowed authenticated users with only Create permission to delete arbitrary files/directories within their scope. The issue affects multi-user deployments with restricted deletion per...

9.1CVSS5.9AI score0.00487EPSS

Exploits1References3Affected Software1

ATTACKERKB•added 2026/03/05 8:57 p.m.•5 views

CVE-2026-29188

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create...

9.1CVSS5.9AI score0.00487EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/03/05 8:57 p.m.•28 views

CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

9.1CVSS0.00487EPSS

Exploits1References3

Vulnrichment•added 2026/03/05 8:57 p.m.•2 views

CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

9.1CVSS5.8AI score0.00487EPSS

Exploits1References3

OSV•added 2026/03/05 8:57 p.m.•2 views

CVE-2026-29188 File Browser: TUS Delete Endpoint Bypasses Delete Permission Check

9.1CVSS5.8AI score0.00487EPSS

Exploits1References5

CNNVD•added 2026/03/05 12:0 a.m.•5 views

File Browser 安全漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.61.1 contained security vulnerabilities, which stemmed from improper access...

9.1CVSS7.3AI score0.00487EPSS

Exploits1References3

CNNVD•added 2026/03/05 12:0 a.m.•7 views

File Browser 信息泄露漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.61.0 contained a vulnerability related to information leakage. This...

7.1CVSS7.2AI score0.00322EPSS

Exploits1References3

SUSE CVE•added 2026/03/04 12:26 a.m.•2 views

SUSE CVE-2026-25889

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password or an admin to change...

5.4CVSS5.8AI score0.00325EPSS

Exploits1References3

SUSE CVE•added 2026/03/04 12:26 a.m.•2 views

SUSE CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

8.1CVSS5.8AI score0.00461EPSS

Exploits2References3

RedhatCVE•added 2026/02/19 7:28 a.m.•3 views

CVE-2026-2419

The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'downloadpath' configuration parameter. This is due to insufficient validation of the download path setting, which allows directory traversal sequences to bypass the...

2.7CVSS5.7AI score0.00718EPSS

Exploits0References1

OSV•added 2026/02/17 6:9 p.m.•4 views

GO-2026-4475 File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser

File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser...

5.4CVSS5.5AI score0.00325EPSS

Exploits1References4

OSV•added 2026/02/17 6:9 p.m.•3 views

GO-2026-4474 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser...

8.1CVSS5.5AI score0.00461EPSS

Exploits2References4