| CVE-2026-35607 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands |
| CVE-2026-35606 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check |
| CVE-2026-35604 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser share links remain accessible after Share/Download permissions are revoked |
| CVE-2026-35605 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser has an access rule bypass via HasPrefix without trailing separator in path matching |
| CVE-2026-35585 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser has a Command Injection via Hook Runner |
| CVE-2026-34530 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection |
| CVE-2026-34528 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution |
| CVE-2026-34529 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file |
| CVE-2026-32761 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser |
| CVE-2026-32758 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser |
| CVE-2026-32760 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser |
| CVE-2026-32759 |
unknown |
— |
— |
|
|
|
2mo ago |
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser |
| CVE-2026-29188 |
unknown |
— |
— |
|
|
|
3mo ago |
File Browser's TUS Delete Endpoint Bypasses Delete Permission Check in github.com/filebrowser/filebrowser |
| CVE-2026-28492 |
unknown |
— |
— |
|
|
|
3mo ago |
FileBrowser has Path Traversal in Public Share Links that Exposes Files Outside Shared Directory in github.com/filebrowser/filebrowser |
| CVE-2026-25890 |
unknown |
— |
— |
|
|
|
4mo ago |
File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL in github.com/filebrowser/filebrowser |
| CVE-2026-25889 |
unknown |
— |
— |
|
|
|
4mo ago |
File Browser has an Authentication Bypass in User Password Update in github.com/filebrowser/filebrowser |
| CVE-2026-23849 |
unknown |
— |
— |
|
|
|
4mo ago |
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser |
| CVE-2025-64523 |
unknown |
— |
— |
|
|
|
7mo ago |
File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser |
| CVE-2025-53893 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing in github.com/filebrowser/filebrowser |
| CVE-2025-53826 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser’s insecure JWT handling can lead to session replay attacks after logout in github.com/filebrowser/filebrowser |
| CVE-2025-52997 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser vulnerable to insecure password handling in github.com/filebrowser/filebrowser |
| CVE-2025-52996 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser's password protection of links is bypassable in github.com/filebrowser/filebrowser |
| CVE-2025-52995 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser vulnerable to command execution allowlist bypass in github.com/filebrowser/filebrowser |
| CVE-2025-52904 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser: Command Execution not Limited to Scope in github.com/filebrowser/filebrowser |
| CVE-2025-52901 |
unknown |
— |
— |
|
|
|
11mo ago |
File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser |
| CVE-2025-52903 |
unknown |
— |
— |
|
|
|
11mo ago |
filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser |
| CVE-2025-52902 |
unknown |
— |
— |
|
|
|
11mo ago |
filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser |
| CVE-2025-52900 |
unknown |
— |
— |
|
|
|
11mo ago |
filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser |
| CVE-2021-46398 |
unknown |
— |
— |
|
|
|
4y ago |
Cross-site request forgery in github.com/filebrowser/filebrowser/v2 |