Lucene search
K

6 matches found

OSV
OSV
added 2026/06/12 9:0 p.m.14 views

GHSA-5WW9-JG6Q-38R7 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

7.2CVSS5.5AI score0.00411EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-49069

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description A low-privileged authenticated user with create and delete permissions in their own isolated scope can delete share-link records belonging to any other user, including the administrator. This...

7.2CVSS5.9AI score0.00411EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/20 8:25 a.m.7 views

EUVD-2026-13640

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/20 8:25 a.m.25 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS0.00371EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:25 a.m.5 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

3.7CVSS6AI score0.00371EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 8:25 a.m.13 views

CVE-2026-33070

FileRise (self-hosted web file manager / WebDAV) contains an unauthenticated vulnerability in the deleteShareLink endpoint present in versions prior to 3.8.0. The POST /api/file/deleteShareLink.php calls FileController::deleteShareLink() without any authentication, authorization, or CSRF validati...

4.8CVSS6AI score0.00371EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder