Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

FileRise — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in FileRise, with AI-generated Chinese analysis, references, and POCs.

This page provides a comprehensive aggregation of vulnerability data specifically for FileRise, focusing on common weakness classifications and associated security tags. It collects reports of various security flaws, including but not limited to cross-site scripting, path traversal, and unauthorized access issues, covering historical records from the last five years up to the present date. Here, users can effectively track vendor advisories to stay updated on the latest security patches and responses from the developers. You can also gain a deeper understanding of specific weakness classes by analyzing trends and patterns across multiple reported incidents. Additionally, the platform allows you to look up a product's vulnerability history, offering a chronological view of how security issues have been identified, resolved, or persisted over time. This resource is designed to assist security professionals, developers, and auditors in assessing the risk posture of FileRise installations. By centralizing these disparate data points, the page simplifies the complex task of managing software security. It serves as a single reference point for evaluating past breaches and understanding the current threat landscape specific to this software. The information is structured to facilitate quick retrieval and detailed analysis, ensuring that stakeholders have access to accurate and timely security intelligence. This approach supports proactive risk management and informed decision-making regarding software updates and mitigation strategies.

Vendor: error311

CVE IDTitleCVSSSeverityPublished
CVE-2026-54414 FileRise shared-folder upload path traversal allows arbitrary file write and admin takeover CWE-22 9.8 Critical2026-06-19
CVE-2026-44460 FileRise: TOTP Bypass via Setup Endpoint Disclosing Existing Secret CWE-200 7.4 High2026-05-27
CVE-2026-33477 FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content CWE-863 4.3 Medium2026-03-26
CVE-2026-33330 FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback CWE-863 7.1 High2026-03-24
CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle CWE-22 8.1 High2026-03-24
CVE-2026-33072 FileRise: Default Encryption Key Enables Token Forgery and Config Decryption CWE-798 8.2 High2026-03-20
CVE-2026-33071 FileRise: WebDAV upload path bypasses filename validation enforced by regular uploads CWE-434 4.3 Medium2026-03-20
CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion CWE-306 3.7 Low2026-03-20
CVE-2026-25231 FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control CWE-284 7.5 High2026-02-09
CVE-2026-25230 FileRise affected by HTML Injection using color property in file tags CWE-79 4.6 Medium2026-02-09
CVE-2025-68116 FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling CWE-79 8.9 High2025-12-16
CVE-2025-66403 FileRise Vulnerable to Stored XSS via SVG Upload CWE-79 4.6 Medium2025-12-01
CVE-2025-62510 FileRise insecure folder visibility via name-based mapping and incomplete ACL checks CWE-280 8.1 High2025-10-20
CVE-2025-62509 FileRise improper ownership/permission validation allowed cross-tenant file operations CWE-280 8.1 High2025-10-20

All 14 known CVE vulnerabilities affecting FileRise with full Chinese analysis, references, and POCs where available.