Lucene search
+L

1607 matches found

NVD
NVD
added 2026/03/06 9:16 p.m.6 views

CVE-2026-30230

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS0.00376EPSS
Exploits1References1
NVD
NVD
added 2026/03/06 5:16 a.m.7 views

CVE-2026-29084

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a...

4.6CVSS0.00076EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 5:16 a.m.16 views

CVE-2026-29060

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a registered user without privileges to create or modify file requests is able to create a short-lived API key that has the permission to do so. The user must be registered with...

5CVSS0.00137EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.11 views

PT-2026-23756

Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.2 Description Flare, a Next.js-based file sharing platform, had a flaw where authenticated, non-owner users could access private files if they knew the file URL. This occurred because the raw and direct file routes...

6CVSS5.8AI score0.00283EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

Flare 安全漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the password for password-protected files at the thumbnail endpoint, allowing unauthorized access to...

8.2CVSS5.8AI score0.00376EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.8 views

Flare 安全漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the fact that raw and direct file routing only prevented unauthenticated users from accessing private files. This allowed any...

6CVSS5.8AI score0.00283EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2026/03/03 12:0 a.m.163 views

Easy File Sharing Web Server v7.2 - Buffer Overflow

Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/03/03 12:0 a.m.140 views

📄 Easy File Sharing Web Server 7.2 Buffer Overflow

Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link:...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/14 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix memory leak in smb2openfile Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //$serverip/export /mnt 3. client...

5.5CVSS6.2AI score0.00114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/29 3:18 p.m.12 views

CVE-2026-1280

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 11:23 a.m.7 views

CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References3
CVE
CVE
added 2026/01/28 11:23 a.m.18 views

CVE-2026-1280

CVE-2026-1280 affects the WordPress Frontend File Manager Plugin, versions up to 23.5. The vulnerability stems from a missing capability check on the AJAX action wpfm_send_file_in_email, allowing unauthenticated attackers to share arbitrary uploaded files by supplying a file_id. File IDs are sequ...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:23 a.m.3 views

CVE-2026-1280

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.36 views

CVE-2026-1280 Frontend File Manager Plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfmsendfileinemail' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded files v...

7.5CVSS0.00292EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/28 1:54 a.m.7 views

WordPress Frontend File Manager plugin plugin <= 23.5 - Missing Authorization to Unauthenticated Arbitrary File Sharing via 'file_id' Parameter vulnerability

Missing Authorization to Unauthenticated Arbitrary File Sharing via 'fileid' Parameter vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Frontend File Manager versions = 23.5...

7.5CVSS5.9AI score0.00292EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.7 views

PT-2026-5093

The Frontend File Manager Plugin for WordPress is vulnerable to unauthorized file sharing due to a missing capability check on the 'wpfm send file in email' AJAX action in all versions up to, and including, 23.5. This makes it possible for unauthenticated attackers to share arbitrary uploaded fil...

7.5CVSS5.8AI score0.00292EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: A NULL pointer dereference issue occurs during UTF16 conversion. There may be a bug where a NULL pointer is passed to cifssfumakenode without any checks. This NULL value is then passed unchecked to cifsstrnduptoutf16, which...

5.5CVSS6.3AI score0.00146EPSS
Exploits0References3
OSV
OSV
added 2026/01/26 11:36 a.m.1 views

SUSE-SU-2026:0293-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. -...

7.8CVSS6.4AI score0.00319EPSS
Exploits0References692
SUSE CVE
SUSE CVE
added 2026/01/24 12:25 a.m.6 views

SUSE CVE-2025-71151

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3reconfigure In smb3reconfigure, if smb3syncsessionctxpasswords fails, the function returns immediately without freeing and erasing the newly allocated newpassword and newpassword2. Thi...

4.7CVSS5.2AI score0.00114EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-21673)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21673 advisory. - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of...

5.5CVSS5.3AI score0.002EPSS
Exploits0References2
Rows per page
Query Builder