523 matches found
CVE-2026-35585
CVE-2026-35585 affects File Browser versions 2.0.0–2.63.1. The hook system that runs administrator-defined shell commands on file events (upload/rename/delete) is vulnerable to OS command injection because values like $FILE and $USERNAME are substituted via os.Expand without sanitization. An atta...
CVE-2026-35585
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 through 2.63.1, the hook system in File Browser — which executes administrator-defined shell commands on file events such as upload, rename, and dele...
GO-2026-4738 File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser
File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser...
PT-2026-30906
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.1 Description File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. The Matches function in rules/rules.go uses...
PT-2026-30908
File Browser versions prior to 2.63.1 Description: File Browser is a file managing interface. Prior to version 2.63.1, a fix intended to restrict execute permissions for self-registered users was not applied to the proxy authentication handler. This allowed users automatically created on first...
PT-2026-30904
Name of the Vulnerable Software and Affected Versions File Browser versions 2.0.0 through 2.63.1 Description File Browser, a file managing interface, has an issue in its hook system. This system executes administrator-defined shell commands on file events upload, rename, delete. Variable...
File Browser 参数注入漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of FileBrowser from 2.0.0 to 2.63.1 have a parameter injection vulnerability. This vulnerability stems...
File Browser 路径遍历漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained a path traversal vulnerability. This vulnerability stemmed...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...
PT-2026-30907
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.1 Description File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. The resourceGetHandler in http/resource.go returns full...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.63.1 contained security vulnerabilities. These vulnerabilities stemmed from...
PT-2026-30905
Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.1 Description File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. When an administrator revokes a user's Share and Downloa...
CVE-2026-34530
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...
CVE-2026-34529
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting XSS. JavaScript embedded in a crafted EPUB file...
CVE-2026-34528
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34530
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...
CVE-2026-34529
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting XSS. JavaScript embedded in a crafted EPUB file...
CVE-2026-34528
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...