601 | 8.4 | HIGH, Local | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.7, `POST /api/share/<path>` accepts an authentic… | New | CWE-863 Incorrect Authorization | CVE-2026-54096 | 2026-06-26 04:58 | 2026-06-26
602 | 7.8 | HIGH, Local | - | - | Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the secure_popen() function in glances/secure.py interprets `>` (file redirection), `|` (pipe), and `&&` (command ch… | New | CWE-22 Path Traversal | CVE-2026-53925 | 2026-06-26 04:58 | 2026-06-26
603 | - | | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, the Hook Authentication feature in File Brows… | New | CWE-78 CWE-88 CWE-306 OS Command Argument Injection Missing Authentication for Critical Function | CVE-2026-54088 | 2026-06-26 04:58 | 2026-06-26
604 | 9.1 | CRITICAL, Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Starting with 2.0.0-rc.1, when FileBrowser is configured with … | New | CWE-287 CWE-290 Improper Authentication Authentication Bypass by Spoofing | CVE-2026-54089 | 2026-06-26 04:58 | 2026-06-26
605 | 7.5 | HIGH, Network | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase t… | New | CWE-863 Incorrect Authorization | CVE-2026-54091 | 2026-06-26 04:58 | 2026-06-26
606 | - | | - | - | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / down… | New | CWE-22 Path Traversal | CVE-2026-54093 | 2026-06-26 04:58 | 2026-06-26
607 | - | | - | - | Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Can… | New | CWE-79 Cross-site Scripting | CVE-2026-13140 | 2026-06-26 04:52 | 2026-06-24
608 | 4.3 | MEDIUM, Network | - | - | Low‑privileged session IDs generated for the web admin console could be reused in the XML‑RPC API, whose authentication is normally restricted to admin users. An attacker could leverage this to gain … | New | CWE-287 Improper Authentication | CVE-2026-34917 | 2026-06-26 04:52 | 2026-06-24
609 | 0.0 | NONE, Network | - | - | Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table.… | New | CWE-79 Cross-site Scripting | CVE-2026-44956 | 2026-06-26 04:52 | 2026-06-24
610 | 0.0 | NONE, Network | - | - | A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the u… | New | CWE-79 Cross-site Scripting | CVE-2026-44960 | 2026-06-26 04:52 | 2026-06-24