Gtsteffaniak
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48777 | Cri | 0.53 | — | 0.00 | Jun 16, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields… | ||
| CVE-2026-44542 | Cri | 0.52 | 9.1 | 0.01 | May 14, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As… | ||
| CVE-2026-46410 | hig | 0.39 | — | 0.00 | May 19, 2026 | ### Impact Some sensitive info -- such as source and path can get exposed. ### Patches Update to the latest version ### Workarounds no | ||
| CVE-2026-30934 | 0.00 | — | 0.00 | Mar 10, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server… | |||
| CVE-2026-30933 | 0.00 | — | 0.01 | Mar 10, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in… | |||
| CVE-2026-27611 | 0.00 | — | 0.00 | Feb 25, 2026 | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a… |
- risk 0.53cvss —epss 0.00
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields…
- risk 0.52cvss 9.1epss 0.01
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the intended shared directory. As…
- risk 0.39cvss —epss 0.00
### Impact Some sensitive info -- such as source and path can get exposed. ### Patches Update to the latest version ### Workarounds no
- CVE-2026-30934Mar 10, 2026risk 0.00cvss —epss 0.00
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/ without context-aware escaping. The server…
- CVE-2026-30933Mar 10, 2026risk 0.00cvss —epss 0.01
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in…
- CVE-2026-27611Feb 25, 2026risk 0.00cvss —epss 0.00
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to versions 1.1.3-stable and 1.2.6-beta, when users share password-protected files, the recipient can completely bypass the password and still download the file. This happens because the API returns a…