6 matches found
CVE-2026-30942
A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/filename endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized,...
CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...
EUVD-2026-10554
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...
CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...
CVE-2026-30942
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...
PT-2026-24251
Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.3 Description Flare is a Next.js-based, self-hostable file sharing platform. A path traversal issue exists in the /api/avatars/filename endpoint, allowing authenticated users to read arbitrary files within the...