547 matches found

Tenable Nessus
added 2025/09/26 12:0 a.m. · 3 views

Tiny File Manager Unauthenticated Access

Tiny File Manager is a web-based file manager written in PHP. It allows users to manage files on a web server through a simple and user-friendly interface. When authentication is not enforced, an attacker can access the File Browser interface without any credentials. This can lead to unauthorized...

6.8 AI score
Exploits: 0 · References: 3

Tenable Nessus
added 2025/09/26 12:0 a.m. · 2 views

File Browser Unauthenticated Access

File Browser is an open-source web-based file manager that allows users to manage files on a server through a web interface. If the File Browser instance is accessible without authentication, it can lead to unauthorized access to sensitive files and directories on the server. No source data...

6.8 AI score
Exploits: 0 · References: 2

Cvelist
added 2025/09/23 5:58 p.m. · 9 views

CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to JavaScript injection, affecting any unsuspecting user clicking such a link. This issue has been patched in...

5.9 CVSS · 0.00175 EPSS
Exploits: 0 · References: 1

Fedora
added 2025/09/12 7:34 p.m. · 7 views

[SECURITY] Fedora 43 Update: jupyterlab-4.4.7-1.fc43

JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface...

6.1 CVSS · 6.9 AI score · 0.0071 EPSS
Exploits: 1

NVD
added 2025/08/26 9:15 p.m. · 4 views

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting (XSS) via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

6.1 CVSS · 0.00188 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/26 12:0 a.m. · 6 views

PT-2025-34812 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.6; Mahara versions prior to 23.04.6; Mahara versions prior to 24.04.1. Description: The application allows cross-site scripting (XSS) via a file uploaded through the Mahara filebrowser system. The vulnerability occur...

6.1 CVSS · 6.1 AI score · 0.00188 EPSS
Exploits: 0 · References: 7

CVE
added 2025/08/26 12:0 a.m. · 16 views

CVE-2024-35203

CVE-2024-35203 affects Mahara before 22.10.6, 23.04.6, and 24.04.1, where a file uploaded via the Mahara filebrowser can carry a name containing JavaScript and trigger cross-site scripting (XSS). Root cause: improper sanitization of uploaded filenames. Impact: XSS possibility via file name in the...

6.1 CVSS · 5.8 AI score · 0.00188 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 4 views

Malicious code in ng-file-browser (npm)

The package ng-file-browser was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-27459 Malicious code in ng-file-browser (npm)

The package ng-file-browser was found to contain malicious code...

7.2 AI score
Exploits: 0

SUSE CVE
added 2025/08/06 2:53 a.m. · 1 views

SUSE CVE-2025-52900

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...

5.5 CVSS · 6.9 AI score · 0.0019 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:53 a.m. · 1 views

SUSE CVE-2025-52901

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to...

6.5 CVSS · 7.1 AI score · 0.0049 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:53 a.m. · 3 views

SUSE CVE-2025-52902

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a...

5.4 CVSS · 6.8 AI score · 0.00265 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:53 a.m. · 2 views

SUSE CVE-2025-52903

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions on the 2.x branch prior to 2.33.10, the Command Execution feature of File Browser only allows the execution of shell command which have be...

8 CVSS · 6.5 AI score · 0.00956 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:53 a.m. · 1 views

SUSE CVE-2025-52904

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions of the web application on the 2.x branch, all users have a scope assigned, and they only have access to the files within that scope. The...

8 CVSS · 6.4 AI score · 0.00885 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:53 a.m. · 1 views

SUSE CVE-2025-52995

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...

6.6 CVSS · 7.2 AI score · 0.00513 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:53 a.m. · 3 views

SUSE CVE-2025-52997

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...

7.5 CVSS · 7.1 AI score · 0.00472 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:52 a.m. · 2 views

SUSE CVE-2025-53826

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser's authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...

9.8 CVSS · 6.9 AI score · 0.00498 EPSS
Exploits: 1 · References: 2

SUSE CVE
added 2025/08/06 2:52 a.m. · 2 views

SUSE CVE-2025-53893

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.38.0, a Denial of Service (DoS) vulnerability exists in the file processing logic when reading a file on endpoint...

6.5 CVSS · 6.8 AI score · 0.00348 EPSS
Exploits: 1 · References: 2

CNVD
added 2025/07/30 12:0 a.m. · 2 views

FileBrowser Denial of Service Vulnerability

FileBrowser is an open source web file browser. Provides a file management interface in a specified directory, can be used to upload, delete, preview, rename and edit your files. FileBrowser has a denial of service vulnerability, the vulnerability stems from a flaw in the file handling log...

8.7 CVSS · 6.8 AI score · 0.00348 EPSS
Exploits: 1 · References: 1

OSV
added 2025/07/28 7:57 p.m. · 13 views

GO-2025-3812 File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser

File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser...

9.8 CVSS · 6.1 AI score · 0.00498 EPSS
Exploits: 1 · References: 3