CVE-2026-30942
- EPSS 0.21%
- Veröffentlicht 10.03.2026 16:44:10
- Zuletzt bearbeitet 18.03.2026 16:40:18
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from withi...
CVE-2026-30230
- EPSS 0.02%
- Veröffentlicht 06.03.2026 21:16:17
- Zuletzt bearbeitet 09.04.2026 20:20:02
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private fil...
CVE-2026-30231
- EPSS 0.03%
- Veröffentlicht 06.03.2026 21:16:17
- Zuletzt bearbeitet 09.04.2026 20:21:57
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner us...
CVE-2026-26993
- EPSS 0.01%
- Veröffentlicht 20.02.2026 03:16:01
- Zuletzt bearbeitet 03.03.2026 17:35:32
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an S...