Lucene search
+L

374 matches found

RedhatCVE
RedhatCVE
added 2026/03/10 8:9 p.m.4 views

CVE-2026-30942

A flaw was found in Flare, a file sharing platform. An authenticated path traversal vulnerability exists in the /api/avatars/filename endpoint, allowing a logged-in user to read arbitrary files from the application container. This occurs because the filename parameter is not properly sanitized,...

8.3CVSS5.8AI score0.00608EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/10 4:44 p.m.4 views

CVE-2026-30942 Flare has a Path Traversal in /api/avatars/[filename]

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/10 4:44 p.m.5 views

EUVD-2026-10553

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/10 4:44 p.m.1 views

CVE-2026-30942

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/filename allows any logged-in user to read arbitrary files from within the application container. The filename URL...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.4 views

PT-2026-24251

Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.3 Description Flare is a Next.js-based, self-hostable file sharing platform. A path traversal issue exists in the /api/avatars/filename endpoint, allowing authenticated users to read arbitrary files within the...

8.3CVSS5.8AI score0.00608EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

Flare 路径遍历漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.3 contained a path traversal vulnerability. This vulnerability stemmed from the /api/avatars/filename path traversal, which could lead to arbitrary file reading...

8.3CVSS5.9AI score0.00608EPSS
Exploits1References4
NVD
NVD
added 2026/03/06 9:16 p.m.7 views

CVE-2026-30231

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS0.00283EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 9:10 p.m.20 views

CVE-2026-30231 Flare: Private File IDOR via raw/direct endpoints

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS0.00283EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/06 9:10 p.m.2 views

CVE-2026-30231 Flare: Private File IDOR via raw/direct endpoints

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS5.7AI score0.00283EPSS
Exploits1References1
CVE
CVE
added 2026/03/06 9:10 p.m.18 views

CVE-2026-30231

CVE-2026-30231 affects Flare, a Next.js-based self-hosted file sharing platform. Before version 1.7.2, raw and direct file routes failed to block authenticated non-owners who know a private file URL, enabling access that should be restricted. The issue is a private-file IDOR via raw/direct endpoi...

6CVSS5.7AI score0.00283EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/06 9:10 p.m.7 views

EUVD-2026-10077

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS5.7AI score0.00283EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/03/06 9:10 p.m.4 views

CVE-2026-30231

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS5.7AI score0.00283EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/06 9:9 p.m.8 views

EUVD-2026-10076

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 9:9 p.m.20 views

CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS0.00376EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:9 p.m.6 views

CVE-2026-30230

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/06 9:9 p.m.3 views

CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1
OSV
OSV
added 2026/03/06 9:9 p.m.8 views

CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References3
CVE
CVE
added 2026/03/06 9:9 p.m.17 views

CVE-2026-30230

Flare is a Next.js-based self-hosted file sharing platform. Prior to version 1.7.2, the thumbnail endpoint did not validate the password for password-protected files; it only checked ownership/admin status for private files and skipped password verification, allowing thumbnails to be accessed wit...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.12 views

PT-2026-23755

Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.2 Description Flare, a Next.js-based file sharing platform, had a flaw where the thumbnail endpoint did not properly verify passwords for password-protected files. The system checked for ownership or administrator...

8.2CVSS5.8AI score0.00376EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

Flare 安全漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the password for password-protected files at the thumbnail endpoint, allowing unauthorized access to...

8.2CVSS5.8AI score0.00376EPSS
Exploits1References1
Rows per page
Query Builder