FileRise — Vulnerabilities & Security Advisories 12

All 12 CVE vulnerabilities found in FileRise, with AI-generated Chinese analysis, references, and POCs.

Vendor: error311

CVE ID	Title	CVSS	Severity	Published
CVE-2026-33477	FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content CWE-863	4.3	Medium	2026-03-26
CVE-2026-33330	FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback CWE-863	7.1	High	2026-03-24
CVE-2026-33329	FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle CWE-22	8.1	High	2026-03-24
CVE-2026-33072	FileRise: Default Encryption Key Enables Token Forgery and Config Decryption CWE-798	8.2	High	2026-03-20
CVE-2026-33071	FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads CWE-434	4.3	Medium	2026-03-20
CVE-2026-33070	FileRise has Unauthenticated Share Link Deletion CWE-306	3.7	Low	2026-03-20
CVE-2026-25231	FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control CWE-284	7.5	High	2026-02-09
CVE-2026-25230	FileRise affected by HTML Injection using color property in file tags CWE-79	4.6	Medium	2026-02-09
CVE-2025-68116	FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling CWE-79	8.9	High	2025-12-16
CVE-2025-66403	FileRise Vulnerable to Stored XSS via SVG Upload CWE-79	4.6	Medium	2025-12-01
CVE-2025-62510	FileRise insecure folder visibility via name-based mapping and incomplete ACL checks CWE-280	8.1	High	2025-10-20
CVE-2025-62509	FileRise improper ownership/permission validation allowed cross-tenant file operations CWE-280	8.1	High	2025-10-20

All 12 known CVE vulnerabilities affecting FileRise with full Chinese analysis, references, and POCs where available.