277 matches found
CVE-2026-35585 vulnerabilities
Vulnerabilities for packages: filebrowser...
GHSA-JVPW-637P-H3PW vulnerabilities
Vulnerabilities for packages: filebrowser...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: telegraf, kine, oras, extism, atlantis, kots, dgraph, paranoia, tigera-operator, kaf, wal-g, cosign, fscrypt, keda, step-ca, kbld, cerbos, redpanda, k3s, licenseclassifier, chezmoi, helm, docker-cli-buildx, scorecard, docker-cli, ko, libnvidia-container,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, kine, atlantis, kots, dgraph, crossplane-provider-sql, kaf, wal-g, kube-state-metrics, promxy, cluster-autoscaler, kafka-proxy, k8sgpt-operator, memcached-exporter, migrate, cosign, fscrypt, terraform-docs, smarter-device-manager,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: telegraf, apisix-ingress-controller, kine, atlantis, kots, dgraph, crossplane-provider-sql, kaf, wal-g, kube-state-metrics, promxy, cluster-autoscaler, kafka-proxy, k8sgpt-operator, memcached-exporter, migrate, cosign, fscrypt, terraform-docs, smarter-device-manager,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: supercronic, crossplane-provider-sql, kaf, wal-g, k8sgpt-operator, memcached-exporter, ctop, speedtest-go, fscrypt, nri-haproxy, cluster-api, terraform-provider-aws, s5cmd, kubernetes-replicator, azure-workload-identity-webhook, gcsfuse, step, trillian, vt-cli,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: trivy-operator, chartmuseum-fips, flux-source-controller, knative-operator-fips, regclient, oras, spire-server, weaviate, gatekeeper, nuclei, spegel-fips, k3s, external-secrets-operator-fips, amazon-ecs-cni-plugins, docker-cli-fips, crossplane-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: trivy-operator, chartmuseum-fips, flux-source-controller, knative-operator-fips, regclient, oras, spire-server, weaviate, gatekeeper, nuclei, spegel-fips, k3s, external-secrets-operator-fips, amazon-ecs-cni-plugins, docker-cli-fips, crossplane-fips,...
Improper Privilege Management
Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...
CVE-2026-5709
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio RES version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...
EUVD-2026-19550
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio RES version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...
CVE-2026-5709 AWS Research and Engineering Studio (RES) FileBrowser Command Injection
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio RES version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...
CVE-2026-5709
The CVE-2026-5709 entry describes an unsanitized input issue in the FileBrowser API of AWS Research and Engineering Studio (RES) affecting versions 2024.10 through 2025.12.01. A remote authenticated actor could execute arbitrary commands on the cluster-manager EC2 instance via crafted input when ...
PT-2026-30747
Name of the Vulnerable Software and Affected Versions: AWS Research and Engineering Studio RES versions 2024.10 through 2025.12.01. Description: Improper input validation in the FileBrowser API within AWS Research and Engineering Studio RES could allow a remote authenticated attacker to execute...
Amazon Web Services Research and Engineering Studio security vulnerability
Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There are security vulnerabilities in the version dated October 2024 to December 1, 2025 of Amazon Web Services Research and Engineering Studio. These vulnerabilities stem fro...
GO-2026-4820 FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel in github.com/gtsteffaniak/filebrowser/backend
FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel in github.com/gtsteffaniak/filebrowser/backend...
CVE-2026-30934
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...