
6 matches found

CVE
added 2026/03/26 5:9 p.m. | 14 views

CVE-2026-33477

CVE-2026-33477 affects FileRise (self-hosted file manager). A server-side authorization flaw in the /api/file/snippet.php endpoint allows an authenticated user with only read_own access to retrieve snippet content from files uploaded by other users within the same folder. The issue exists in vers...

CVSS 4.3 | AI score 5.8 | EPSS 0.00225
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/20 8:31 a.m. | 3 views

CVE-2026-33072

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.9.0, a hardcoded default encryption key defaultpleasechangethiskey is used for all cryptographic operations — HMAC token generation, AES config encryption, and session tokens — allowing any unauthenticated attacker...

CVSS 8.2 | AI score 5.9 | EPSS 0.00225
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/03/20 8:27 a.m. | 8 views

CVE-2026-33071

CVE-2026-33071 concerns FileRise, a self-hosted web file manager/WebDAV server. Affected versions prior to 3.8.0 allow WebDAV uploads to bypass the filename validation enforced by the regular upload path, since createFile() and put() accept filenames directly from the WebDAV client without valida...

CVSS 8.8 | AI score 6.1 | EPSS 0.00621
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/20 8:25 a.m. | 8 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

CVSS 3.7 | AI score 6 | EPSS 0.00371
Exploits: 1 | References: 2
CNNVD
added 2026/03/20 12:0 a.m. | 7 views

FileRise Access Control Error Vulnerability

FileRise is a lightweight, self-hosted web-based file manager developed by Ryan. Versions of FileRise prior to 3.8.0 contained an access control vulnerability caused by a lack of authentication in the deleteShareLink endpoint. This vulnerability could lead to arbitrary shared links being deleted...

CVSS 4.8 | AI score 5.9 | EPSS 0.00371
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/20 12:0 a.m. | 5 views

PT-2025-42793

Name of the Vulnerable Software and Affected Versions: FileRise versions prior to 1.5.0

Description: FileRise is a self-hosted web-based file manager offering multi-file upload, editing, and batch operations. A regression in version 1.4.0 permitted the inference of folder visibility and ownership...

CVSS 8.1 | AI score 6.2 | EPSS 0.00279
Exploits: 0 | References: 10