513 matches found
CVE-2025-53893
CVE-2025-53893 is a DoS vulnerability in filebrowser/filebrowser 2.38.0 where the server loads entire file content into memory during reads (e.g., /files/{file-name} or /api/resources/{file-name}) without size checks, enabling an authenticated user to trigger memory exhaustion and potentially...
PT-2025-29588 · Unknown · Filebrowser
Name of the Vulnerable Software and Affected Versions: File Browser version 2.39.0. Description: File Browser provides a file managing interface within a specified directory, allowing users to upload, delete, preview, rename, and edit files. The authentication system in version 2.39.0 issues...
PT-2025-29583 · Unknown · Filebrowser
Name of the Vulnerable Software and Affected Versions: File Browser version 2.38.0. Description: File Browser provides a file managing interface for managing files within a specified directory, including upload, delete, preview, rename, and edit functionalities. A denial-of-service issue exists in...
FileBrowser Command Injection Vulnerability (CNVD-2025-22706)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser suffers from a command injection vulnerability, which is caused by a flaw in the command execution...
FileBrowser has an unspecified vulnerability (CNVD-2025-22704)
FileBrowser is an open source web file browser. It provides a file management interface in a specified directory and can be used to upload, delete, preview, rename and edit your files. FileBrowser has a security vulnerability that originates from an access token passed as a GET parameter, which c...
The vulnerability of the Command Execution function in the file manager for managing files and directories in the File Browser allows a hacker to gain access to read and modify files.
The vulnerability of the Command Execution function in the file manager and File Browser web manager is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read and modify files...
The vulnerability of the web manager for managing files and directories in File Browser, related to the lack of measures taken at the management level to clean up data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the web manager responsible for managing files and directories in File Browser is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the web manager for managing files and directories in File Browser, related to the use of default user accounts, allows a perpetrator to execute a brute-force attack.
The vulnerability of the web manager responsible for managing files and directories in File Browser is related to the use of default user accounts. Exploiting this vulnerability could allow a malicious actor to execute a brute-force attack remotely...
CVE-2025-52997
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
CVE-2025-52995
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...
CVE-2025-52901
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9, access tokens are used as GET parameters. The JSON Web Token (JWT) which is used as a session identifier will get leaked to...
CVE-2025-52997 File Browser Insecurely Handles Passwords
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...
CVE-2025-52997
CVE-2025-52997 affects File Browser prior to 2.34.1, where lack of password policy and brute-force protection enables credential guessing attacks that could disclose account passwords. The issue is addressed in version 2.34.1; upgrade to that version or apply the vendor’s fix. Exploitation status...
CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...
CVE-2025-52995 File Browser vulnerable to command execution allowlist bypass
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10, the implementation of the allowlist is erroneous, allowing a user to execute more shell commands than they are authorized fo...
CVE-2025-52995
CVE-2025-52995 concerns File Browser’s command execution allowlist bypass. The bug, present before version 2.33.10, stems from a regex-based allowlist check that uses partial matches, enabling an attacker with the Execute Commands permission to run additional shell commands beyond those explicitl...