938 matches found
CVE-2026-30230
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
EUVD-2026-10076
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30230
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30230
Flare is a Next.js-based self-hosted file sharing platform. Prior to version 1.7.2, the thumbnail endpoint did not validate the password for password-protected files; it only checked ownership/admin status for private files and skipped password verification, allowing thumbnails to be accessed wit...
CVE-2026-30230 Flare: Password‑Protected Thumbnail Bypass
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
CVE-2026-30230
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing...
PT-2026-23755
Name of the Vulnerable Software and Affected Versions Flare versions prior to 1.7.2 Description Flare, a Next.js-based file sharing platform, had a flaw where the thumbnail endpoint did not properly verify passwords for password-protected files. The system checked for ownership or administrator...
Flare 安全漏洞
Flare is a file-sharing platform developed by Zachary Lowery. Versions of Flare prior to 1.7.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the password for password-protected files at the thumbnail endpoint, allowing unauthorized access to...
CVE-2025-15524
CVE-2025-15524 affects the WordPress plugin Gallery by FooGallery (versions up to and including 3.1.9). A missing capability check in ajax_get_gallery_info() allows authenticated users with Subscriber-level access and above to enumerate gallery IDs and retrieve private/draft/password-protected ga...
WordPress Elementor Addon Elements plugin <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Thumbnail Slider Widget vulnerability discovered by wesley wcraft in WordPress Plugin Elementor Addon Elements versions = 1.12.12...
EulerOS Virtualization 2.10.1 : libtiff (EulerOS-SA-2026-1129)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the fi...
EulerOS Virtualization 2.10.0 : libtiff (EulerOS-SA-2026-1180)
According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the fi...
EUVD-2025-206478
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...
CVE-2025-41351 Weak encryption on Funambol's cloud server
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...
CVE-2025-41351 Weak encryption on Funambol's cloud server
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...
CVE-2025-41351
The CVE-2025-41351 entry concerns Funambol v30.0.0.20 cloud server vulnerability where the thumbnail display URL exposes weaknesses that permit a Padding Oracle Attack to decrypt and encrypt parameters used to generate ‘self-signed’ access URLs. Affected component/process appears to be the thumbn...
CVE-2025-41351
Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...
WordPress Kama Thumbnail plugin <= 3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Kama Thumbnail versions = 3.5.1...