8 matches found
CVE-2026-30231 Flare: Private File IDOR via raw/direct endpoints
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...
CVE-2023-4335
Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...
EUVD-2007-0229
Malware in sbrugna...
EUVD-2024-31992
Malicious code in bioql PyPI...
File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089
The File Download enables you to allow users to download file and image entities directly using a custom field formatter. It also provides an optional submodule to count and display file downloads in Views, similar to how the core statistics module tracks content views. The File Download module...
Kanboard -- Multiple vulnerabilities
Kanboard is project management software that focuses on the Kanban methodology. The last update includes 4 vulnerabilities: [email protected] reports: Missing access control in internal task links feature Stored Cross site scripting in the Task External Link Functionality in Kanboard...
Access Control Bypass
drupal/core is vulnerable to Access Control Bypass. The vulnerability is due to the download facility failing to sufficiently sanitize file paths, resulting in private file exposure to users who shouldn't have access...
Design/Logic Flaw
Moodle before 2.2.2 has users' private files included in course backups...