Lucene search
K

4421 matches found

Metasploit
Metasploit
added 2026/06/25 7:5 p.m.156 views

SMB to Meterpreter Upgrade via PsExec

Upgrades an authenticated SMB session to a Meterpreter session using PsExec techniques. This module uploads a service-wrapped executable payload to the ADMIN$ share via the existing authenticated SMB connection, then creates and starts a Windows service that executes the payload. This mirrors the...

6AI score
Exploits0
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5383 FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion in github.com/gtsteffaniak/filebrowser

FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitrary File Deletion in github.com/gtsteffaniak/filebrowser...

9.1CVSS5.8AI score0.00523EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 6:26 p.m.6 views

GO-2026-5159 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix in github.com/filebrowser/filebrowser

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix in github.com/filebrowser/filebrowser...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 6:5 p.m.20 views

CVE-2026-56768 Seahub < 13.0.23 - Authentication Bypass in ShareLinkZipTaskView GET Method

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS0.00381EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 6:5 p.m.6 views

EUVD-2026-39520

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 6:5 p.m.16 views

CVE-2026-56768

Vulnerability summary (CVE-2026-56768) Seahub versions before 13.0.23 fail to enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated access when a folder share-link token is present. An attacker can call the GET endpoint to obtain a fileserver zip token ...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:43 p.m.7 views

CVE-2026-54091

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 5:43 p.m.37 views

CVE-2026-54091

CVE-2026-54091 : File Browser public shares allow information disclosure due to incorrect access control when rebasing the owner’s filesystem root for public share paths. Before 2.63.6, the public share handler sets d.user.Fs to a BasePathFs rooted at the shared directory and then checks access w...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 5:40 p.m.8 views

CVE-2026-54097 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 5:40 p.m.32 views

CVE-2026-54097 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS0.00411EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:40 p.m.7 views

CVE-2026-54097

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 5:40 p.m.31 views

CVE-2026-54097

Summary of CVE-2026-54097 (File Browser) : A low-privileged authenticated user with create/delete permissions within their own scope could trigger deletion of other users’ share links by performing a DELETE on a file whose logical path is a byte-prefix of another user’s share.Link.Path. The backe...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:37 p.m.7 views

CVE-2026-54094

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS5.7AI score0.0046EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 5:37 p.m.30 views

CVE-2026-54094 File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS0.0046EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:37 p.m.26 views

CVE-2026-54094

CVE-2026-54094 affects the File Browser project. Prior to version 2.63.14, HTTP handlers can follow symlinks inside a scoped user’s directory, allowing read, write, or public-share actions to target files outside the user’s intended scope via two patterns: (1) a final-path symlink escaping the sc...

7.5CVSS5.7AI score0.0046EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:35 p.m.7 views

CVE-2026-54096

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS6AI score0.00175EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 5:35 p.m.29 views

CVE-2026-54096 File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, POST /api/share/ accepts an authenticated request for an arbitrary path and stores a public share record without checking whether the target fi...

8.4CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:35 p.m.22 views

CVE-2026-54096

File Browser exposes a vulnerability: an authenticated user can create a public share for a path that does not yet exist, and that share becomes valid later when a file is created at that path, potentially exposing future files via GET /api/public/dl/. The issue is triggered by POST /api/share/, ...

8.4CVSS6AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 12:1 p.m.3 views

RLSA-2023:7139 Moderate: samba security, bug fix, and enhancement update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...

7.5CVSS6.5AI score0.62606EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52577

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References5
Rows per page
Query Builder