Lucene search
K

600 matches found

CVE
CVE
added yesterday6 views

CVE-2026-62685

The CVE affects File Browser prior to version 2.63.17. The issue arises in how user scopes are built from usernames via cleanUsername() when Signup=true and CreateUserDir=true: the many-to-one normalization can collapse usernames such as team/one, team one, and team-one to the same home directory...

8.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-62843

CVE-2026-62843 affects File Browser (versions 2.63.6–2.63.16). The archive builder calls strings.ReplaceAll(nameInArchive, "\", "/"), which can transform a POSIX filename like ..\..\evil.sh into ../../evil.sh within the generated zip/tar. This enables a user with upload permissions to place a bac...

6.8CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-44707

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday13 views

CVE-2026-62843 File Browser: Archive builder turns backslash filenames into path traversal (zip-slip)

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-62683

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS6.1AI score
Exploits0References4Affected Software1
CVE
CVE
added yesterday5 views

CVE-2026-62683

File Browser (server-side) contains a vulnerability prior to version 2.63.17 where deleting a shared directory with a trailing slash can leave a stale public share behind. The issue arises because the cleanup path calls DeleteWithPathPrefix(file.Path, userID) while the Bolt backend queries the da...

3.1CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added yesterday2 views

EUVD-2026-44705

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday12 views

CVE-2026-62683 File Browser: Trailing-slash delete leaves a stale public share behind

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.17, File Browser can leave a public directory share behind when the shared directory is deleted through a path with a trailing slash because the...

3.1CVSS
Exploits0References3
Circl
Circl
added 6 days ago7 views

CVE-2026-54089

creationtimestamp| type| source ---|---|--- 2026-07-10 20:16:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqcxoiwmmg2z 2026-07-10 20:35:14+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xqp3-jq6g-x3qm 2026-07-11...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-39510

File Browser: Command Injection via Authentication Hook Shell Substitution Pre-Authentication RCE...

9.3CVSS6.1AI score0.00533EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-39508

File Browser: Authentication Bypass via Proxy Auth Header Forgery...

9.1CVSS6.1AI score0.00337EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 2:55 p.m.4 views

CVE-2026-55668 File Browser: ScopedFs follows a dangling symlink on write, letting a scoped user create files outside their scope

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS6.1AI score0.00269EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 2:55 p.m.33 views

CVE-2026-55668 File Browser: ScopedFs follows a dangling symlink on write, letting a scoped user create files outside their scope

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 2:55 p.m.12 views

CVE-2026-55668

The CVE affects File Browser’s ScopedFs component prior to version 2.63.16. An authenticated user with Create and Modify permissions can trigger ScopedFs to validate the nearest existing ancestor of a dangling symlink and then follow the symlink during file creation, allowing attacker‑controlled ...

6.3CVSS6AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 2:55 p.m.5 views

EUVD-2026-42272

File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...

6.3CVSS6AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5691 File Browser has a DoS Vulnerability via Public Login API in github.com/filebrowser/filebrowser

File Browser has a DoS Vulnerability via Public Login API in github.com/filebrowser/filebrowser...

6.5CVSS5.8AI score0.00484EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5458 File Browser has incorrect access control for public directory shares via rule path rebasing in github.com/filebrowser/filebrowser

File Browser has incorrect access control for public directory shares via rule path rebasing in github.com/filebrowser/filebrowser...

7.5CVSS5.8AI score0.00471EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 7:16 p.m.12 views

CVE-2026-55667

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.16, a scoped, non-admin File Browser user holding only the Create permission can delete arbitrary files outside their scope other tenants' data, a...

8.2CVSS0.00359EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-54093

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-54094

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS0.0046EPSS
Exploits0References1
Rows per page
Query Builder