413 matches found
Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation
The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...
OPENSUSE-SU-2026:10883-1 python311-Authlib-1.7.2-1.1 on GA media
These are all security issues fixed in the python311-Authlib-1.7.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:20783-1 Security update for leancrypto
This update for leancrypto fixes the following issues. Security issue: CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts size_t vlen to uint8_t when stori...
SUSE-SU-2026:21754-1 Security update for leancrypto
This update for leancrypto fixes the following issues. Security issue: CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts size_t vlen to uint8_t when stori...
Important: Red Hat Security Advisory: Red Hat OpenShift Builds 1.7.2
Red Hat OpenShift Builds 1.7.2 Releases of Red Hat OpenShift Builds 1.7.2...
OPENSUSE-SU-2026:10563-1 leancrypto-devel-1.7.2-1.1 on GA media
These are all security issues fixed in the leancrypto-devel-1.7.2-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-13785
The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...
CVE-2026-30230
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30231
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...
CVE-2026-30231 Flare: Private File IDOR via raw/direct endpoints
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...
EUVD-2026-10077
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...
CVE-2026-30231
CVE-2026-30231 affects Flare, a Next.js-based self-hosted file sharing platform. Before version 1.7.2, raw and direct file routes failed to block authenticated non-owners who know a private file URL, enabling access that should be restricted. The issue is a private-file IDOR via raw/direct endpoi...
EUVD-2026-10076
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30230
Flare is a Next.js-based self-hosted file sharing platform. Prior to version 1.7.2, the thumbnail endpoint did not validate the password for password-protected files; it only checked ownership/admin status for private files and skipped password verification, allowing thumbnails to be accessed wit...