
17 matches found

Veracode
added 2026/05/08 7:17 a.m., 10 views

Insecure Direct Object Reference (IDOR)

File Browser is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient authorization checks in the share deletion functionality, which allows an authenticated attacker with share permissions to delete other users’ shared links by exploiting improper acces...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00125
Exploits: 1 | References: 2 | Affected Software: 2
CVE
added 2026/04/10 3:55 p.m., 8 views

CVE-2026-35594

CVE-2026-35594 affects Vikunja prior to version 2.3.0, where link-share JWTs were validated entirely from JWT claims without server-side checks. The GetLinkShareFromClaims path builds a LinkSharing object without database validation, allowing previously issued link-share JWTs to retain their orig...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00133
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/11/17 7:11 p.m., 2 views

GO-2025-4117 File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00125
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/13 11:8 p.m., 3 views

CVE-2025-64523

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00125
Exploits: 1 | References: 1
EUVD
added 2025/11/13 10:34 p.m., 4 views

EUVD-2025-150363

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function...

CVSS: 7.2 | AI score: 6.3 | EPSS: 0.00125
Exploits: 1 | References: 3
Snyk
added 2025/11/13 10:34 p.m., 3 views

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID matches the currently authenticated user's ID d.user.ID. An attacker...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00125
Exploits: 1 | References: 2
Snyk
added 2025/11/13 10:34 p.m., 3 views

Improper Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00125
Exploits: 1 | References: 2
Github Security Blog
added 2025/11/13 10:34 p.m., 8 views

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function

Summary: It has been found an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. This vulnerability allows any authenticated user with share permissions to delete other users' shared links without authorization checks. The impact is...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00125
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2025/11/12 11:15 p.m., 2 views

CVE-2025-64523

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS: 8.8 | EPSS: 0.00125
Exploits: 1 | References: 2
Cvelist
added 2025/11/12 10:11 p.m., 8 views

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS: 7.2 | EPSS: 0.00125
Exploits: 1 | References: 2
CVE
added 2025/11/12 10:11 p.m., 47 views

CVE-2025-64523

Summary: The FileBrowser project (github.com/filebrowser/filebrowser/v2/http) has an IDOR vulnerability in the share deletion endpoint. The shareDeleteHandler deletes a share based only on the provided hash, with no check that the share’s owner matches the authenticated user (d.user.ID). This per...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00125
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/11/12 10:11 p.m., 2 views

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00125
Exploits: 1 | References: 4
Positive Technologies
added 2025/11/12 12:0 a.m., 4 views

PT-2025-46766

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.45.1. Description: File Browser provides a file managing interface for tasks like uploading, deleting, previewing, renaming, and editing files. An Insecure Direct Object Reference (IDOR) exists in the application's...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00125
Exploits: 1 | References: 13
CNNVD
added 2025/11/12 12:0 a.m., 2 views

FileBrowser Security Vulnerability

FileBrowser is an open source web file browser from Seagate. Provides a file management interface in a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users, each user can have its own directory. It can be used as a...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00125
Exploits: 1 | References: 3
RedHat Linux
added 2020/05/14 12:8 p.m., 55 views

Moderate: Red Hat Security Advisory: openstack-manila security update

An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 8.3 | AI score: 7.2 | EPSS: 0.00272
Exploits: 1 | References: 3
OwnCloud
added 2020/02/28 12:0 a.m., 19 views

Deleting received group share for whole group

Platform: ownCloud Server; Versions: 10.2.0; Date: 2/28/2020; Risk: Low; CVSS v3 Base Score: 3.5; CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N; CWE ID: 385; CWE Name: Improper Privilege Management...

CVSS: 3.5 | AI score: 3
Exploits: 0
Cvelist
added 2000/02/04 5:0 a.m., 20 views

CVE-1999-0119

Windows NT 4.0 beta allows users to read and delete shares...

AI score: 6.4 | EPSS: 0.11702
Exploits: 0 | References: 1