Vulnerabilidades em filebrowser
38 resultadosCVE-2026-35585HIGHFile Browser has a Command Injection via Hook RunnerEPSS 1.9%CVE-2026-32759MEDIUMFile Browser TUS Negative Upload-Length Fires Post-Upload Hooks PrematurelyEPSS 1.9%CVE-2025-52903HIGHFile Browser Allows Execution of Shell Commands That Can Spawn Other CommandsEPSS 1.0%CVE-2025-52904HIGHFile Browser: Command Execution not Limited to ScopeEPSS 0.9%CVE-2026-32760CRITICALFile Browser Self Registration Grants Any User Admin Access When Default Permissions Include AdminEPSS 0.7%CVE-2026-34528HIGHFile Browser's Signup Grants Execution Permissions When Default Permissions Includes ExecutionEPSS 0.7%CVE-2026-54088CRITICALFile Browser: Command Injection via Authentication Hook Shell Substitution (Pre-Authentication RCE)EPSS 0.5%CVE-2025-52995HIGHFile Browser vulnerable to command execution allowlist bypassEPSS 0.5%CVE-2025-53826HIGHFileBrowser Has Insecure JWT Handling Which Allows Session Replay Attacks after LogoutEPSS 0.5%CVE-2025-52901MEDIUMFile Browser allows sensitive data to be transferred in URLEPSS 0.5%CVE-2026-29188CRITICALFile Browser: TUS Delete Endpoint Bypasses Delete Permission CheckEPSS 0.5%CVE-2026-54092MEDIUMFile Browser: DoS Vulnerability on Public Login APIEPSS 0.5%CVE-2025-52997MEDIUMFile Browser Insecurely Handles PasswordsEPSS 0.5%CVE-2026-54091HIGHFile Browser: Incorrect access control in public directory shares via rule path rebasingEPSS 0.5%CVE-2026-25890HIGHFile Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URLEPSS 0.5%CVE-2026-54094HIGHFile Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scopeEPSS 0.5%CVE-2026-32761MEDIUMFile Browser has an Authorization Policy Bypass in its Public Share Download FlowEPSS 0.4%CVE-2026-23849MEDIUMFile Browser vulnerable to Username Enumeration via Timing Attack in /api/loginEPSS 0.4%CVE-2026-54097HIGHFile Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefixEPSS 0.4%CVE-2026-35605MEDIUMFile Browser has an access rule bypass via HasPrefix without trailing separator in path matchingEPSS 0.4%