CVE-2026-30942
A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/filename endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized,...
EUVD-2026-10692
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...
EUVD-2026-10621
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...
Microsoft Windows SMB Server Authorization Issue Vulnerability
Microsoft Windows SMB Server is a network file sharing protocol developed by Microsoft Corporation. It allows applications on computers to read and write files, as well as to request services from server programs on a computer network. There is an authorization vulnerability in Microsoft Windows...
CVE-2026-30230
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-29084
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a...
CVE-2026-29060
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...
Flare Security Vulnerability
Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that raw and direct file routing only prevented unauthenticated users from accessing private files. This allowed any...
Flare Security Vulnerability
Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the password for password-protected files at the thumbnail endpoint, allowing unauthorized access to...
PT-2026-23756
Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.2 Description Flare, a Next.js-based file sharing platform, had a flaw where authenticated, non-owner users could access private files if they knew the file URL. This occurred because the raw and direct file routes...
Easy File Sharing Web Server 7.2 Buffer Overflow
Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link:...
Easy File Sharing Web Server v7.2 - Buffer Overflow
Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web...
Linux Distros Unpatched Vulnerability : CVE-2026-23205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix memory leak in smb2openfile Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //$serverip/export /mnt 3. client...
CVE-2026-1280
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
CVE-2026-1280
CVE-2026-1280 affects the WordPress Frontend File Manager Plugin, versions up to 23.5. The vulnerability stems from a missing capability check on the AJAX action wpfm_send_file_in_email, allowing unauthenticated attackers to share arbitrary uploaded files by supplying a file_id. File IDs are sequ...
CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...
WordPress Frontend File Manager plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability
Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend File Manager versions <= 23.5...
PT-2026-5093
The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm_send_file_in_email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded fil...