1031 matches found
CVE-2026-34528
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34528
CVE-2026-34528 — File Browser : Multiple sources confirm that prior to version 2.62.2, the signupHandler copies all default permissions and only strips Admin, leaving Execute and Commands intact. If signup is enabled and Execute=true with default commands, an unauthenticated self-registered user ...
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained security vulnerabilities. These vulnerabilities stemmed from...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the signupHandler in File Browser. An attacker can gain unauthorized command execution capabilities by self-registering when server-side execution is enabled and the default user template includes...
GHSA-X8JC-JVQM-PM3F File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
Summary The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin commit a63573b. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...
File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
Summary The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin commit a63573b. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...
PT-2026-29425
Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser's signupHandler incorrectly applies default user permissions. Specifically, it copies all permissions from the default settings and then only strips the Admin permission, leaving...
CVE-2026-4990
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
EUVD-2026-16896
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
SUSE CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
CVE-2026-4990
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990 chatwoot Signup Endpoint login improper authorization
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990 chatwoot Signup Endpoint login improper authorization
A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed...
CVE-2026-4990
Chatwoot
PT-2026-28708
Name of the Vulnerable Software and Affected Versions chatwoot versions prior to 4.11.1 Description A security issue exists in chatwoot that allows for improper authorization. This occurs through manipulation of the signupEnabled argument with the input true within an unknown function of the...
Chatwoot 安全漏洞
Chatwoot is an open-source application developed by Chatwoot itself. It serves as an alternative to proprietary solutions such as customer engagement suites, intercom systems, Zendesk, and Salesforce service clouds. Chatwoot versions 4.11.1 and earlier contain security vulnerabilities, which stem...
GO-2026-4710 File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser
File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser...