
6 matches found

Cvelist
added 2025/07/15 6:12 p.m., 5 views

CVE-2025-53826 FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...

CVSS 8.7, EPSS 0.0059
Exploits: 1, References: 2
Vulnrichment
added 2025/07/15 6:12 p.m., 3 views

CVE-2025-53826 FileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after Logout

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename, and edit files. In version 2.39.0, File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. As of time of...

CVSS 8.7, AI score 6.7, EPSS 0.0059
Exploits: 1, References: 2
CVE
added 2025/06/30 8:5 p.m., 105 views

CVE-2025-52997

CVE-2025-52997 affects File Browser prior to 2.34.1, where lack of password policy and brute-force protection enables credential guessing attacks that could disclose account passwords. The issue is addressed in version 2.34.1; upgrade to that version or apply the vendor’s fix. Exploitation status...

CVSS 7.5, AI score 6.7, EPSS 0.00162
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2025/06/26 6:21 p.m., 113 views

CVE-2025-52904

CVE-2025-52904 affects Filebrowser (v2.32.0) where the Command Execution feature is not scoped per user, allowing shell commands to run with the server process UID and access files across all scopes, potentially exposing the password database and enabling unauthorized read/write access. The repor...

CVSS 8, AI score 7.7, EPSS 0.01146
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2025/06/26 2:37 p.m., 18 views

CVE-2025-52902

CVE-2025-52902 concerns the open‑source File Browser project, where the Markdown preview feature in versions before 2.33.7 is vulnerable to Stored Cross‑Site Scripting (XSS). If a user uploads a Markdown file containing JavaScript, the code can be executed when another user previews the file. The...

CVSS 7.6, AI score 7, EPSS 0.00105
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2019/08/27 12:15 p.m., 10 views

CVE-2015-9349

The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in old" file browser...

CVSS 6.1, AI score 6.1, EPSS 0.0019
Exploits: 0, References: 1