As part of our ongoing research and consulting efforts, we frequently discover vulnerabilities in third-party products. Committed to enhancing the security of the digital ecosystem, we publish detailed security advisories according our vulnerability disclosure policy. You can find the full security advisories with complete details in our Github repository.
Below is an overview of our latest security advisories:
-
Filebrowser Insecure Password Handling (CVE-2025-52997)
July 24, 2025 -
Filebrowser Password Protection of Links Bypassable (CVE-2025-52996)
July 24, 2025 -
Filebrowser Command Execution Allowlist Bypass (CVE-2025-52995)
July 24, 2025 -
Filebrowser Command Execution not Limited to Scope (CVE-2025-52904)
July 24, 2025 -
Filebrowser Shell Commands Can Spawn Other Commands (CVE-2025-52903)
July 24, 2025 -
Filebrowser Stored Cross-Site Scripting (CVE-2025-52902)
July 24, 2025 -
Filebrowser Sensitive Data Transferred in URL (CVE-2025-52901)
July 24, 2025 -
Filebrowser Insecure File Permissions (CVE-2025-52900)
July 24, 2025