| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35607 | File Browser: Proxy auth auto-provisioned users inherit Execute permission and Commands | filebrowser | filebrowser | High | 8.1 | 2026-04-07 16:31:22 | Deep Dive |
| CVE-2026-35606 | File Browser discloses text file content via /api/resources endpoint bypassing Perm.Download check | filebrowser | filebrowser | - | - | 2026-04-07 16:29:04 | Deep Dive |
| CVE-2026-35605 | File Browser has an access rule bypass via HasPrefix without trailing separator in path matching | filebrowser | filebrowser | - | - | 2026-04-07 16:24:52 | Deep Dive |
| CVE-2026-35604 | File Browser share links remain accessible after Share/Download permissions are revoked | filebrowser | filebrowser | - | - | 2026-04-07 16:22:52 | Deep Dive |
| CVE-2026-35585 | File Browser has a Command Injection via Hook Runner | filebrowser | filebrowser | - | - | 2026-04-07 16:20:46 | Deep Dive |
| CVE-2026-34530 | File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection | filebrowser | filebrowser | Medium | 6.9 | 2026-04-01 20:41:09 | Deep Dive |
| CVE-2026-34528 | File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution | filebrowser | filebrowser | High | 8.1 | 2026-04-01 20:39:32 | Deep Dive |
| CVE-2026-34529 | File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file | filebrowser | filebrowser | High | 7.6 | 2026-04-01 20:39:07 | Deep Dive |
| CVE-2026-32761 | File Browser has an Authorization Policy Bypass in its Public Share Download Flow | filebrowser | filebrowser | Medium | 6.5 | 2026-03-19 23:45:34 | Deep Dive |
| CVE-2026-32760 | File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin | filebrowser | filebrowser | 中危 | - | 2026-03-19 23:39:54 | Deep Dive |
| CVE-2026-32759 | File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely | filebrowser | filebrowser | 中危 | - | 2026-03-19 23:31:51 | Deep Dive |
| CVE-2026-32758 | File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter | filebrowser | filebrowser | Medium | 6.5 | 2026-03-19 23:22:20 | Deep Dive |
| CVE-2026-30934 | FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse) | gtsteffaniak | filebrowser | High | 8.9 | 2026-03-10 16:12:23 | Deep Dive |
| CVE-2026-30933 | FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info | gtsteffaniak | filebrowser | High | 7.5 | 2026-03-10 16:10:56 | Deep Dive |
| CVE-2026-28492 | File Browser: Path Traversal in Public Share Links Exposes Files Outside Shared Directory | filebrowser | filebrowser | 高危 | - | 2026-03-05 21:06:21 | Deep Dive |
| CVE-2026-29188 | File Browser: TUS Delete Endpoint Bypasses Delete Permission Check | filebrowser | filebrowser | Critical | 9.1 | 2026-03-05 20:57:57 | Deep Dive |
| CVE-2026-27611 | FileBrowser Quantum: Password Protection Not Enforced on Shared File Links | gtsteffaniak | filebrowser | - | - | 2026-02-25 02:24:48 | Deep Dive |
| CVE-2026-25890 | File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL | filebrowser | filebrowser | High | 8.1 | 2026-02-09 21:21:51 | Deep Dive |
| CVE-2026-25889 | File Browser has an Authentication Bypass in User Password Update | filebrowser | filebrowser | Medium | 5.4 | 2026-02-09 21:18:13 | Deep Dive |
| CVE-2026-23849 | File Browser vulnerable to Username Enumeration via Timing Attack in /api/login | filebrowser | filebrowser | Medium | 5.3 | 2026-01-19 20:37:30 | Deep Dive |