Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

Brute Force

Overview Affected versions of this package are vulnerable to Brute Force due to the lack of password policy and brute-force protection in the authentication process. An attacker can gain unauthorized access to user accounts by performing automated brute-force attacks. Remediation Upgrade...

CVE-2025-52997

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...

CVE-2025-52996

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...

CVE-2025-52997 File Browser Insecurely Handles Passwords

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1, a missing password policy and brute-force protection makes the authentication process insecure. Attackers could mount a...

CVE-2025-52997

CVE-2025-52997 affects File Browser prior to 2.34.1, where lack of password policy and brute-force protection enables credential guessing attacks that could disclose account passwords. The issue is addressed in version 2.34.1; upgrade to that version or apply the vendor’s fix. Exploitation status...

CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...

CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...

CVE-2025-52996

CVE-2025-52996 affects the File Browser project. In versions ≤ 2.32.0, the password-protected link mechanism is error-prone, allowing unprotected sharing via a direct download link even if a password is set. Exploitation details are documented across multiple sources, including advisories and CVE...

CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...

File Browser vulnerable to insecure password handling

Summary All user accounts authenticate towards a File Browser instance with a password. A missing password policy and brute-force protection makes it impossible for administrators to properly secure the authentication process. Impact Attackers can mount a brute-force attack against the passwords ...

File Browser's password protection of links is bypassable

Summary Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible. Impact File owners might rest in the...

GHSA-3V48-283X-F2W4 File Browser's password protection of links is bypassable

Summary Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible. Impact File owners might rest in the...

Senator Chides FBI for Weak Advice on Mobile Security

Agents with the Federal Bureau of Investigation FBI briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and...