Lucene search
+L

8 matches found

osv
osv
added 2026/03/06 9:10 p.m.6 views

CVE-2026-30231 Flare: Private File IDOR via raw/direct endpoints

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the...

6CVSS5.7AI score0.00283EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/01/09 12:31 p.m.19 views

CVE-2023-4335

Broadcom RAID Controller Web server nginx is serving private server-side files without any authentication on Linux...

7.5CVSS7.2AI score0.00493EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-0229

Malware in sbrugna...

5CVSS6.1AI score0.01673EPSS
Exploits0References9
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-31992

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.011EPSS
Exploits1References1
drupal
drupal
added 2025/07/16 12:0 a.m.24 views

File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089

The File Download enables you to allow users to download file and image entities directly using a custom field formatter. It also provides an optional submodule to count and display file downloads in Views, similar to how the core statistics module tracks content views. The File Download module...

7.5CVSS7AI score0.0035EPSS
Exploits0References3
freebsd
freebsd
added 2023/06/05 12:0 a.m.18 views

Kanboard -- Multiple vulnerabilities

Kanboard is project management software that focuses on the Kanban methodology. The last update includes 4 vulnerabilities: [email protected] reports: Missing access control in internal task links feature Stored Cross site scripting in the Task External Link Functionality in Kanboard...

6.5CVSS6.7AI score0.00625EPSS
Exploits4References4
veracode
veracode
added 2023/05/09 7:36 a.m.23 views

Access Control Bypass

drupal/core is vulnerable to Access Control Bypass. The vulnerability is due to the download facility failing to sufficiently sanitize file paths, resulting in private file exposure to users who shouldn't have access...

6.5CVSS6.2AI score0.0054EPSS
Exploits0References5Affected Software1
prion
prion
added 2019/11/14 4:15 p.m.20 views

Design/Logic Flaw

Moodle before 2.2.2 has users' private files included in course backups...

5CVSS6.8AI score0.02141EPSS
Exploits0References9Affected Software3
Rows per page
Query Builder