Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

35 matches found

Github Security Blog
Github Security Blogadded last week9 views

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

5.5AI score0.00029EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.5 views

PT-2026-49069

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

7.2CVSS5.5AI score0.00029EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/06/05 7:20 p.m.8 views

CVE-2026-41649

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.5AI score0.00293EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:9 p.m.6 views

CVE-2026-35604

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS5.4AI score0.00332EPSS
Exploits1References1
Nextcloud
Nextcloudadded 2026/05/12 9:13 a.m.10 views

Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

None...

3.5CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/04/08 12:4 a.m.2 views

EUVD-2026-19776

File Browser share links remain accessible after Share/Download permissions are revoked...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References3
Snyk
Snykadded 2026/04/08 12:4 a.m.2 views

Incorrect Authorization

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and...

8.2CVSS5.7AI score0.00332EPSS
Exploits1References2
Snyk
Snykadded 2026/04/08 12:4 a.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References2
Github Security Blog
Github Security Blogadded 2026/04/08 12:4 a.m.7 views

File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4Affected Software1
OSV
OSVadded 2026/04/08 12:4 a.m.2 views

GHSA-V9W4-GM2X-6RVF File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References4
Cvelist
Cvelistadded 2026/04/07 4:22 p.m.13 views

CVE-2026-35604 File Browser share links remain accessible after Share/Download permissions are revoked

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS0.00332EPSS
Exploits1References2
CVE
CVEadded 2026/04/07 4:22 p.m.8 views

CVE-2026-35604

The CVE affects File Browser prior to v2.63.1 where public share links created by a user remain accessible to unauthenticated users after the share and download permissions are revoked. The root cause is that the public share download handler does not re-check the share owner’s current permission...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/07 4:22 p.m.0 views

CVE-2026-35604 File Browser share links remain accessible after Share/Download permissions are revoked

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References2
Snyk
Snykadded 2026/03/26 4:56 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...

9.3CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/26 3:16 p.m.1 views

CVE-2026-33070

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

4.8CVSS6AI score0.00371EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/20 8:25 a.m.4 views

CVE-2026-33070

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/20 8:25 a.m.7 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References2
Snyk
Snykadded 2026/03/20 2:42 a.m.0 views

Authorization Bypass Through User-Controlled Key

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public share links when they retain share privileges share=true. An attacker can access and exfiltrate file...

7.1CVSS5.8AI score0.00424EPSS
Exploits1References2
Snyk
Snykadded 2026/03/20 2:42 a.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the public share links when they retain share privileges share=true. An attacker can access and exfiltrate file contents by creating a public share link for files they are not permitt...

7.1CVSS5.8AI score0.00424EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/03/20 12:0 a.m.3 views

PT-2026-26587

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References5
Rows per page
Query Builder