Lucene search
K

41 matches found

Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56245

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-54097

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS0.00411EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 5:40 p.m.8 views

CVE-2026-54097 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 5:40 p.m.32 views

CVE-2026-54097 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS0.00411EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 5:40 p.m.32 views

CVE-2026-54097

Summary of CVE-2026-54097 (File Browser) : A low-privileged authenticated user with create/delete permissions within their own scope could trigger deletion of other users’ share links by performing a DELETE on a file whose logical path is a byte-prefix of another user’s share.Link.Path. The backe...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:40 p.m.7 views

CVE-2026-54097

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 9:0 p.m.15 views

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

Summary A low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose...

7.2CVSS5.5AI score0.00411EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-49069

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description A low-privileged authenticated user with create and delete permissions in their own isolated scope can delete share-link records belonging to any other user, including the administrator. This...

7.2CVSS5.9AI score0.00411EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41649

Outline is a service that allows for collaborative documentation. The shares.create API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When both collectionId and documentId are provided in the request, the authorization logic only checks...

7.7CVSS5.5AI score0.00293EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.10 views

CVE-2026-35604

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS5.4AI score0.00332EPSS
Exploits1References1
Nextcloud
Nextcloud
added 2026/05/12 9:13 a.m.25 views

Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

None...

3.5CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/04/08 12:4 a.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and download files without authentication by using a valid but outdated...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.12 views

File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/08 12:4 a.m.4 views

Incorrect Authorization

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Authorization due to the withHashFile handler not re-checking the share owner's current permissions. An attacker can access previously created share links and...

8.2CVSS5.7AI score0.00332EPSS
Exploits1References2
OSV
OSV
added 2026/04/08 12:4 a.m.4 views

GHSA-V9W4-GM2X-6RVF File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 12:4 a.m.4 views

EUVD-2026-19776

File Browser share links remain accessible after Share/Download permissions are revoked...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/07 4:22 p.m.17 views

CVE-2026-35604 File Browser share links remain accessible after Share/Download permissions are revoked

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS0.00332EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/07 4:22 p.m.1 views

CVE-2026-35604 File Browser share links remain accessible after Share/Download permissions are revoked

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, when an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References2
CVE
CVE
added 2026/04/07 4:22 p.m.15 views

CVE-2026-35604

The CVE affects File Browser prior to v2.63.1 where public share links created by a user remain accessible to unauthenticated users after the share and download permissions are revoked. The root cause is that the public share download handler does not re-check the share owner’s current permission...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/26 4:56 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...

9.3CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder