24 matches found

Veracode
added 2026/05/08 7:17 a.m. | 18 views

Insecure Direct Object Reference (IDOR)

File Browser is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks in the share deletion functionality, which allows an authenticated attacker with share permissions to delete other users’ shared links by exploiting improper acces...

CVSS 8.8 | AI score 5.8 | EPSS 0.00384
Exploits: 1 | References: 4 | Affected Software: 2

Vulnrichment
added 2026/04/10 3:55 p.m. | 4 views

CVE-2026-35594 Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/linksharing.go) constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...

CVSS 6.5 | AI score 5.7 | EPSS 0.00268
Exploits: 1 | References: 4

CVE
added 2026/04/10 3:55 p.m. | 12 views

CVE-2026-35594

CVE-2026-35594 affects Vikunja prior to version 2.3.0, where link-share JWTs were validated entirely from JWT claims without server-side checks. The GetLinkShareFromClaims path builds a LinkSharing object without database validation, allowing previously issued link-share JWTs to retain their orig...

CVSS 6.5 | AI score 5.7 | EPSS 0.00268
Exploits: 1 | References: 4 | Affected Software: 1

SUSE CVE
added 2026/03/28 12:24 a.m. | 6 views

SUSE CVE-2026-33700

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DELETE /api/v1/projects/:project/shares/:share endpoint does not verify that the link share belongs to the project specified in the URL. An attacker with admin access to any project can delete link shares...

CVSS 6.9 | AI score 5.9 | EPSS 0.00205
Exploits: 0 | References: 3

OSV
added 2026/03/24 3:51 p.m. | 8 views

CVE-2026-33700 Vikunja has a Link Share Delete IDOR — Missing Project Ownership Check Allows Cross-Project Link Share Deletion

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, the DELETE /api/v1/projects/:project/shares/:share endpoint does not verify that the link share belongs to the project specified in the URL. An attacker with admin access to any project can delete link shares...

CVSS 6.9 | AI score 6.3 | EPSS 0.00205
Exploits: 0 | References: 4

OSV
added 2025/11/17 7:11 p.m. | 5 views

GO-2025-4117 File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser...

CVSS 8.8 | AI score 6.6 | EPSS 0.00384
Exploits: 1 | References: 3

RedhatCVE
added 2025/11/13 11:8 p.m. | 3 views

CVE-2025-64523

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS 7.2 | AI score 6.6 | EPSS 0.00384
Exploits: 1 | References: 1

Snyk
added 2025/11/13 10:34 p.m. | 5 views

Improper Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID...

CVSS 8.8 | AI score 6.8 | EPSS 0.00384
Exploits: 1 | References: 2

Snyk
added 2025/11/13 10:34 p.m. | 4 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID matches the currently authenticated user's ID (d.user.ID). An attacker...

CVSS 8.8 | AI score 6.8 | EPSS 0.00384
Exploits: 1 | References: 2

EUVD
added 2025/11/13 10:34 p.m. | 5 views

EUVD-2025-150363

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function...

CVSS 7.2 | AI score 6.3 | EPSS 0.00384
Exploits: 1 | References: 3

GitHub Security Blog
added 2025/11/13 10:34 p.m. | 10 views

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary: An Insecure Direct Object Reference (IDOR) vulnerability has been found in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

CVSS 8.8 | AI score 6.6 | EPSS 0.00384
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/11/13 10:34 p.m. | 3 views

GHSA-6CQF-CFHV-659G File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary: An Insecure Direct Object Reference (IDOR) vulnerability has been found in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

CVSS 8.8 | AI score 6.5 | EPSS 0.00384
Exploits: 1 | References: 4

NVD
added 2025/11/12 11:15 p.m. | 4 views

CVE-2025-64523

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS 8.8 | EPSS 0.00384
Exploits: 1 | References: 2

Vulnrichment
added 2025/11/12 10:11 p.m. | 5 views

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS 7.2 | AI score 6.2 | EPSS 0.00384
Exploits: 1 | References: 2

CVE
added 2025/11/12 10:11 p.m. | 59 views

CVE-2025-64523

Summary: The FileBrowser project (github.com/filebrowser/filebrowser/v2/http) has an IDOR vulnerability in the share deletion endpoint. The shareDeleteHandler deletes a share based only on the provided hash, with no check that the share’s owner matches the authenticated user (d.user.ID). This per...

CVSS 8.8 | AI score 6.2 | EPSS 0.00384
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/11/12 10:11 p.m. | 11 views

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS 7.2 | EPSS 0.00384
Exploits: 1 | References: 2

OSV
added 2025/11/12 10:11 p.m. | 5 views

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS 7.2 | AI score 6.5 | EPSS 0.00384
Exploits: 1 | References: 4

Positive Technologies
added 2025/11/12 12:0 a.m. | 8 views

PT-2025-46766

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.45.1. Description: File Browser provides a file managing interface for tasks like uploading, deleting, previewing, renaming, and editing files. An Insecure Direct Object Reference (IDOR) exists in the application's...

CVSS 8.8 | AI score 6.5 | EPSS 0.00384
Exploits: 1 | References: 13

CNNVD
added 2025/11/12 12:0 a.m. | 6 views

FileBrowser Security Vulnerability

FileBrowser is an open source web file browser from Seagate. Provides a file management interface in a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users, each user can have its own directory. It can be used as a...

CVSS 8.8 | AI score 6.3 | EPSS 0.00384
Exploits: 1 | References: 3

RedHat Linux
added 2020/05/14 12:8 p.m. | 56 views

Moderate: Red Hat Security Advisory: openstack-manila security update

An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.3 | AI score 7.2 | EPSS 0.01153
Exploits: 1 | References: 3