Vulnerabilidades en error311
14 resultadosCVE-2026-54414CRITICALFileRise shared-folder upload path traversal allows arbitrary file write and admin takeoverEPSS 0.7%CVE-2026-33071MEDIUMFileRise: WebDAV upload path bypasses filename validation enforced by regular uploadsEPSS 0.6%CVE-2026-33329HIGHFileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence OracleEPSS 0.4%CVE-2026-33330HIGHFileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callbackEPSS 0.4%CVE-2026-25231HIGHFileRise affected by an Unauthenticated File Read Due to Insufficient Access ControlEPSS 0.4%CVE-2026-33070LOWFileRise has Unauthenticated Share Link DeletionEPSS 0.4%CVE-2025-62510HIGHFileRise insecure folder visibility via name-based mapping and incomplete ACL checksEPSS 0.3%CVE-2025-62509HIGHFileRise improper ownership/permission validation allowed cross-tenant file operationsEPSS 0.3%CVE-2026-44460HIGHFileRise: TOTP Bypass via Setup Endpoint Disclosing Existing SecretEPSS 0.3%CVE-2026-33477MEDIUMFileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file contentEPSS 0.2%CVE-2026-33072HIGHFileRise: Default Encryption Key Enables Token Forgery and Config DecryptionEPSS 0.2%CVE-2025-68116HIGHFileRise vulnerable to Cross-Site Scripting (XSS) in SVG File HandlingEPSS 0.2%CVE-2026-25230MEDIUMFileRise affected by HTML Injection using color property in file tagsEPSS 0.2%CVE-2025-66403MEDIUMFileRise Vulnerable to Stored XSS via SVG UploadEPSS 0.2%