FileBrowser has an unspecified vulnerability (CNVD-2025-22702)

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability , the vulnerability stems from the file access permissions are not...

CVE-2025-52996 vulnerabilities

Vulnerabilities for packages: filebrowser...

CVE-2025-52904 vulnerabilities

Vulnerabilities for packages: filebrowser...

GHSA-CM2R-RG7R-P7GG vulnerabilities

Vulnerabilities for packages: filebrowser...

CVE-2025-52997 vulnerabilities

Vulnerabilities for packages: filebrowser...

GHSA-3V48-283X-F2W4 vulnerabilities

Vulnerabilities for packages: filebrowser...

GHSA-HC8F-M8G5-8362 vulnerabilities

Vulnerabilities for packages: filebrowser...

CVE-2025-52904 vulnerabilities

Vulnerabilities for packages: filebrowser...

GHSA-CM2R-RG7R-P7GG vulnerabilities

Vulnerabilities for packages: filebrowser...

GHSA-HC8F-M8G5-8362 vulnerabilities

Vulnerabilities for packages: filebrowser...

GHSA-3V48-283X-F2W4 vulnerabilities

Vulnerabilities for packages: filebrowser...

CVE-2025-52996 vulnerabilities

Vulnerabilities for packages: filebrowser...

CVE-2025-52997 vulnerabilities

Vulnerabilities for packages: filebrowser...

Sensitive Information Disclosure

github.com/filebrowser/filebrowser is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposure of sensitive data in URLs due to the use of access tokens as GET parameters, which can be logged in client- or server-side logs...

Command Injection

github.com/filebrowser/filebrowser is vulnerable to Command Injection. The vulnerability is due to improper allowlist enforcement and flawed implementation that allows users to execute shell commands beyond those explicitly permitted in their user-specific allowlist...

Improper Access Control

github.com/filebrowser/filebrowser is vulnerable to Improper Access Control. The vulnerability is due to an error-prone implementation of password-protected links, which allows an attacker to access shared files without authentication through direct download links obtained from browser history or...

Improper Command Execution Control

github.com/filebrowser/filebrowser is vulnerable to improper command execution control. The vulnerability is due to the misuse of the command execution feature that relies on a predefined allowlist, which can be bypassed using standard commands that support subcommand execution, allowing attacker...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...