Lucene search

9 matches found

CVE
added 2025/06/30 7:58 p.m. | 48 views

CVE-2025-52996

CVE-2025-52996 affects the File Browser project. In versions ≤ 2.32.0, the password-protected link mechanism is error-prone, allowing unprotected sharing via a direct download link even if a password is set. Exploitation details are documented across multiple sources, including advisories and CVE...

CVSS 4.3 | AI score 6.5 | EPSS 0.00203
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2025/06/30 7:58 p.m. | 4 views

CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...

CVSS 3.1 | EPSS 0.00203
Exploits: 1 | References: 3
OSV
added 2025/06/30 5:49 p.m. | 2 views

GHSA-3V48-283X-F2W4 File Browser's password protection of links is bypassable

Summary: Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible. Impact: File owners might rest in the...

CVSS 3.1 | AI score 5.9 | EPSS 0.00203
Exploits: 1 | References: 6
Github Security Blog
added 2025/06/30 5:49 p.m. | 8 views

File Browser's password protection of links is bypassable

Summary: Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible. Impact: File owners might rest in the...

CVSS 4.3 | AI score 5.9 | EPSS 0.00203
Exploits: 1 | References: 6 | Affected Software: 2
RedhatCVE
added 2025/05/23 3:18 a.m. | 2 views

CVE-2023-28112

Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...

CVSS 8.1 | AI score 6.7 | EPSS 0.00283
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 3:26 a.m. | 2 views

SUSE CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...

CVSS 4.3 | AI score 4.7 | EPSS 0.00503
Exploits: 0 | References: 3
OSV
added 2022/05/20 4:0 p.m. | 13 views

CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...

CVSS 3.5 | AI score 4.6 | EPSS 0.00503
Exploits: 0 | References: 6
CNNVD
added 2022/05/20 12:0 a.m. | 2 views

Nextcloud Security Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 22.2.6, 23.0.3 and prior to 23.0.3, which originates from a user being able to create...

CVSS 4.3 | AI score 5 | EPSS 0.00503
Exploits: 0 | References: 7
OSV
added 2020/02/03 5:15 p.m. | 1 views

CVE-2020-5182

The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" or similar attributes such as noreferrer, the tabnabbing may occur. To reproduce the bug,...

CVSS 6.5 | AI score 6.6 | EPSS 0.00292
Exploits: 0 | References: 1