
54 matches found

Vulnrichment
added 2026/05/08 12:21 p.m. | 9 views

CVE-2026-25077 Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

6.2 AI score | 0.00726 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/05/08 12:21 p.m. | 46 views

CVE-2026-25077 Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

0.00726 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2026/03/04 12:25 a.m. | 4 views

SUSE CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

7.1 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/02/25 4:0 p.m. | 7 views

EUVD-2026-8594

FileBrowser Quantum: Password Protection Not Enforced on Shared File Links...

7.1 CVSS | 5.2 AI score | 0.00307 EPSS
Exploits: 1 | References: 4
OSV
added 2026/02/25 4:0 p.m. | 3 views

GHSA-8VRH-3PM2-V4V6 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...

7.1 CVSS | 5.6 AI score | 0.00307 EPSS
Exploits: 1 | References: 6
Github Security Blog
added 2026/02/25 4:0 p.m. | 8 views

FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

Summary When users share password-protected files, the recipient can completely bypass the password and still download the file. Details This happens because the API returns a direct download link in the details of the share, which is accessible to anyone with JUST THE SHARE LINK, even without th...

7.1 CVSS | 5.5 AI score | 0.00307 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2026/02/25 3:16 a.m. | 13 views

CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

7.1 CVSS | 0.00307 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2026/02/25 2:24 a.m. | 5 views

CVE-2026-27611

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

7.1 CVSS | 5.4 AI score | 0.00307 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/02/25 2:24 a.m. | 5 views

CVE-2026-27611 FileBrowser Quantum: Password Protection Not Enforced on Shared File Links

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a direct download link i...

7.1 CVSS | 5.5 AI score | 0.00307 EPSS
Exploits: 1 | References: 4
CNNVD
added 2026/02/25 12:0 a.m. | 11 views

FileBrowser Security Vulnerability

FileBrowser is a web-based file browser developed by Seagate as open source software. It provides an interface for managing files within specified directories, allowing actions such as uploading, deleting, previewing, renaming, and editing files. It supports multiple users, with each user having...

7.1 CVSS | 5.8 AI score | 0.00307 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2026/02/25 12:0 a.m. | 9 views

PT-2026-21839

Name of the Vulnerable Software and Affected Versions FileBrowser Quantum versions prior to 1.1.3-stable FileBrowser Quantum versions prior to 1.2.6-beta Description FileBrowser Quantum is a self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, a flaw existed where...

9.9 CVSS | 5.9 AI score | 0.27661 EPSS
Exploits: 45 | References: 122
OSV
added 2025/12/17 9:30 p.m. | 2 views

GHSA-G6QX-WQ5W-WR8V Mattermost Desktop App exposes sensitive information in its application logs

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs. A fix is available for...

3.3 CVSS | 6.8 AI score | 0.001 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2025/12/17 9:30 p.m. | 6 views

Mattermost Desktop App exposes sensitive information in its application logs

Mattermost Desktop App versions 6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the user's system to gain access to potentially sensitive information via reading the application logs. A fix is available for...

3.3 CVSS | 6.8 AI score | 0.001 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/12/16 5:16 p.m. | 12 views

CVE-2025-68116

FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 2.7.1 are vulnerable to Stored Cross-Site Scripting (XSS) due to unsafe handling of browser-renderable user uploads when served through the sharing and download endpoints. An attacker who can get a crafted SVG primary or...

8.9 CVSS | 0.00223 EPSS
Exploits: 1 | References: 1
NVD
added 2025/11/18 8:15 a.m. | 8 views

CVE-2025-10089

Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...

7.7 CVSS | 0.00123 EPSS
Exploits: 0 | References: 2
Hacker One
added 2025/10/26 10:48 a.m. | 11 views

Nextcloud: Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)

The Nextcloud Desktop Client was found to automatically include user credentials (Authorization header with username and password in Base64) when downloading files via the "directDownloadUrl" feature. This allowed a malicious Nextcloud server to specify an attacker-controlled URL, causing the clien...

5.8 AI score
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-19579

Malicious code in bioql PyPI...

4.3 CVSS | 6.3 AI score | 0.00312 EPSS
Exploits: 1 | References: 5
Tenable Nessus
added 2025/09/10 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-13239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link...

5.4 CVSS | 5.6 AI score | 0.00698 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/07/02 8:26 p.m. | 11 views

CVE-2025-52996

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and prior, the implementation of password protected links is error-prone, resulting in potential unprotected sharing of a file...

4.3 CVSS | 7.3 AI score | 0.00312 EPSS
Exploits: 1 | References: 1
Snyk
added 2025/06/30 8:40 p.m. | 2 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the password protected links process. An attacker can gain unauthorized access to files by obtaining or discovering direct download links, which may be exposed through browser history, proxy...

4.3 CVSS | 6.6 AI score | 0.00312 EPSS
Exploits: 1 | References: 2