📦 Filebrowser
by Filebrowser
🛡️ Security Overview
⚠️ Known Vulnerabilities
File Browser version 2.39.0 has an authentication flaw where JWT tokens remain valid indefinitely even after user logout. This allows attackers with stolen tokens to maintain unauthorized access to fi...
This cross-site scripting (XSS) vulnerability in File Browser allows authenticated attackers to escalate privileges to Administrator by tricking users into interacting with malicious HTML files or URLs...
In File Browser versions before 2.57.1, authenticated users can bypass file access restrictions by adding extra slashes to file paths in requests. This allows unauthorized access to files that should ...
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in File Browser versions before 2.45.1. Any authenticated user with share permissions can delete other users' shared links w...
CVE-2025-52995 is an improper command allowlist vulnerability in File Browser that allows authenticated users to execute unauthorized shell commands. This could lead to arbitrary command execution, fi...
CVE-2025-52903 is a command injection vulnerability in File Browser version 2.32.0 that allows authenticated users with 'Execute commands' permission to bypass allowlist restrictions and execute arbit...
File Browser versions prior to 2.33.7 have a stored cross-site scripting (XSS) vulnerability in the Markdown preview function. When users upload Markdown files containing JavaScript code, that code ex...
A case-sensitivity flaw in File Browser's password validation allows authenticated users to change passwords without providing the current password. By using 'Password' instead of 'password' in API re...
This CVE describes a timing attack vulnerability in File Browser's authentication mechanism that allows unauthenticated attackers to enumerate valid usernames by measuring response time differences. T...
File Browser versions before 2.34.1 lack password policy enforcement and brute-force protection, allowing attackers to guess passwords through repeated authentication attempts. This affects all File B...