CVE-2026-35606

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag. All three other...

Starbucks: Possible subdomain takeover at openapi.starbucks.com

@benoculars was able to take advantage of a process flaw to use some of the space provided for openapi.starbucks.com. While we were still securely serving content from this domain and it did not impact users or operations, it would have been possible for @benoculars to serve content from unique...