CVE-2026-34745
- EPSS 0.06%
- Veröffentlicht 02.04.2026 18:38:17
- Zuletzt bearbeitet 03.04.2026 19:50:08
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in...
CVE-2026-33645
- EPSS 0.07%
- Veröffentlicht 26.03.2026 20:58:21
- Zuletzt bearbeitet 30.03.2026 18:12:01
Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `c...
CVE-2025-67728
- EPSS 0.38%
- Veröffentlicht 12.12.2025 07:15:45
- Zuletzt bearbeitet 22.12.2025 19:05:45
Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The maliciou...
CVE-2025-55476
- EPSS 0.03%
- Veröffentlicht 02.09.2025 00:00:00
- Zuletzt bearbeitet 05.09.2025 18:10:09
FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing...