9 matches found
CVE-2025-52996 File Browser's Password Protection of Links Vulnerable to Bypass
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...
CVE-2025-52996
CVE-2025-52996 affects the File Browser project. In versions ≤ 2.32.0, the password-protected link mechanism is error-prone, allowing unprotected sharing via a direct download link even if a password is set. Exploitation details are documented across multiple sources, including advisories and CVE...
File Browser's password protection of links is bypassable
Summary: Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible. Impact: File owners might rest in the...
GHSA-3V48-283X-F2W4 File Browser's password protection of links is bypassable
Summary: Files managed by the File Browser can be shared with a link to external persons. While the application allows protecting those links with a password, the implementation is error-prone, making an incidental unprotected sharing of a file possible. Impact: File owners might rest in the...
CVE-2023-28112
Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the beta and tests-passed branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the...
SUSE CVE-2022-29163
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
Nextcloud security vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform suite from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 22.2.6 and 23.0.3, which originates from a user being able to create...
CVE-2020-5182
The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" or similar attributes such as noreferrer, the tabnabbing may occur. To reproduce the bug,...