Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.11 views

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS5.8AI score0.00544EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.4 views

SUSE CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS5.8AI score0.00544EPSS
Exploits2References3
NVD
NVD
added 2026/03/10 6:18 p.m.10 views

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS0.00544EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/03/10 4:10 p.m.3 views

CVE-2026-30933 FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS5.7AI score0.00544EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/03/10 4:10 p.m.34 views

CVE-2026-30933 FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS0.00544EPSS
Exploits2References3
CVE
CVE
added 2026/03/10 4:10 p.m.21 views

CVE-2026-30933

CVE-2026-30933 (FileBrowser Quantum) affects FileBrowser Quantum prior to the fixed releases 1.3.1-beta and 1.2.2-stable. The issue relates to an incomplete remediation for CVE-2026-27611, where password-protected shares still disclose a tokenized downloadURL via /public/api/share/info. The Red H...

7.5CVSS5.7AI score0.00544EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/03/10 4:10 p.m.5 views

CVE-2026-30933 FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS5.8AI score0.00544EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2026/03/09 7:48 p.m.16 views

FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info

Summary The remediation for CVE-2026-27611 appears incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info in docker image gtstef/filebrowser:1.3.1-webdav-2. Details The issue stems from two flaws: 1. Tokenized download URLs are written into the...

7.5CVSS5.7AI score0.00544EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2026/03/09 7:48 p.m.9 views

GHSA-525J-95GF-766F FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info

Summary The remediation for CVE-2026-27611 appears incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info in docker image gtstef/filebrowser:1.3.1-webdav-2. Details The issue stems from two flaws: 1. Tokenized download URLs are written into the...

7.5CVSS5.7AI score0.00544EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.10 views

PT-2026-24169

Name of the Vulnerable Software and Affected Versions FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable Description An incomplete remediation for a previous issue allows disclosure of tokenized download URLs via the /public/api/share/info endpoint for password-protected shares. The issue...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References138
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.2 views

PT-2024-35352 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11 Nextcloud Server versions prior to 29.0.8 Nextcloud Server versions prior to 30.0.1 Nextcloud Enterprise Server versions prior to 25.0.13.13 Nextcloud Enterprise Server versions prior to 26.0.13.9...

9.8CVSS5.8AI score0.01041EPSS
Exploits6References92
Hacker One
Hacker One
added 2024/02/17 2:39 a.m.23 views

Nextcloud: Attachments folder for Text app is accessible on Files Drop/Password protected shares

The Nextcloud Text app's attachments folder was found to be accessible on Files Drop/Password protected shares...

2.6CVSS6.7AI score0.00513EPSS
Exploits0
Hacker One
Hacker One
added 2024/02/17 2:39 a.m.8 views

Nextcloud: Possible to enumerate valid files in password protected shares/files drop shares as well as spam folder with files

The summary is as follows: It was possible to enumerate valid files in password protected shares and file drop shares. Additionally, it was possible to spam the folder with empty files using an attacker-controlled file name. The vulnerability existed in the DocumentAPIControllercreate method, whi...

7.2AI score
Exploits0
OSV
OSV
added 2018/10/30 9:29 p.m.21 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5.3CVSS6.8AI score
Exploits0References2
NVD
NVD
added 2018/10/30 9:29 p.m.19 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5.3CVSS5.3AI score0.01068EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/10/30 9:0 p.m.28 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5.4AI score0.01068EPSS
Exploits1References2
CVE
CVE
added 2018/10/30 9:0 p.m.59 views

CVE-2018-16463

CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...

3.6CVSS3.9AI score0.00545EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/10/30 9:0 p.m.63 views

CVE-2018-16467

CVE-2018-16467 (Nextcloud Server before 14.0.0) is an improper access‑control vulnerability enabling unauthenticated attackers to bypass password protection for previews of single-file shares via the vulnerable publicpreview.php endpoint. The issue can disclose previews (notably image files) with...

5.3CVSS5.2AI score0.01068EPSS
Exploits1References2Affected Software1
securityvulns
securityvulns
added 2000/06/17 12:0 a.m.53 views

Лазейка в службе Terminal Services, открывающая доступ к ресурсам подключенных к ней клиентов Windows 95/98

Здравствуйте , Лазейка в службе Terminal Services, открывающая доступ к ресурсам подключенных к ней клиентов Windows 95/98 Network World http://www.nwfusion.com Если Вы работаете на сервере Windows 2000 с установленным терминальным сервисом Terminal Services, то должны знать о его потенциальной...

Exploits0
Rows per page
Query Builder