Lucene search
K

922 matches found

OSV
OSV
added 2026/03/19 5:12 p.m.3 views

GHSA-66CW-H2MJ-J39P AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources

Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...

5CVSS5.9AI score0.00271EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/19 5:12 p.m.6 views

AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources

Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...

5CVSS5.9AI score0.00271EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.7 views

PT-2026-26472

Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via url get contents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...

5CVSS6AI score0.00271EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/03/16 9:37 a.m.3 views

CVE-2026-3111

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumbAAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25668

Insecure Direct Object Reference IDOR vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/ID/username/thumb AAxAA.jpg' translated as 80x90 and 40x45. Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos o...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 9:16 p.m.6 views

CVE-2026-30230

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS0.00376EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/06 9:9 p.m.19 views

CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS0.00376EPSS
Exploits1References1
OSV
OSV
added 2026/03/06 9:9 p.m.7 views

CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/06 9:9 p.m.2 views

CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:9 p.m.5 views

CVE-2026-30230

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/06 9:9 p.m.7 views

EUVD-2026-10076

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/03/06 9:9 p.m.5 views

CVE-2026-30230

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1
CVE
CVE
added 2026/03/06 9:9 p.m.13 views

CVE-2026-30230

Flare is a Next.js-based self-hosted file sharing platform. Prior to version 1.7.2, the thumbnail endpoint did not validate the password for password-protected files; it only checked ownership/admin status for private files and skipped password verification, allowing thumbnails to be accessed wit...

8.2CVSS5.7AI score0.00376EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23755

Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.2 Description Flare, a Next.js-based file sharing platform, had a flaw where the thumbnail endpoint did not properly verify passwords for password-protected files. The system checked for ownership or administrator...

8.2CVSS5.8AI score0.00376EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

Flare 安全漏洞

Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the password for password-protected files at the thumbnail endpoint, allowing unauthorized access to...

8.2CVSS5.8AI score0.00376EPSS
Exploits1References1
CVE
CVE
added 2026/02/11 1:23 a.m.8 views

CVE-2025-15524

CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...

4.3CVSS5.5AI score0.00221EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/02/02 9:2 p.m.5 views

WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.12.12...

6.4CVSS7.1AI score0.00501EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.10 views

EulerOS Virtualization 2.10.0 : libtiff (EulerOS-SA-2026-1180)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the fi...

8.8CVSS5.2AI score0.00739EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.8 views

EulerOS Virtualization 2.10.1 : libtiff (EulerOS-SA-2026-1129)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the fi...

8.8CVSS5.2AI score0.00739EPSS
Exploits2References5
CVE
CVE
added 2026/01/28 10:43 a.m.9 views

CVE-2025-41351

The CVE-2025-41351 entry concerns Funambol v30.0.0.20 cloud server vulnerability where the thumbnail display URL exposes weaknesses that permit a Padding Oracle Attack to decrypt and encrypt parameters used to generate ‘self-signed’ access URLs. Affected component/process appears to be the thumbn...

6CVSS5.9AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder