VYPR
Vendor

Flintsh

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2026-30230HigMar 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password…

  • CVE-2026-30231MedMar 6, 2026
    risk 0.34cvss 5.3epss 0.00

    Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL…

  • CVE-2026-30942Mar 10, 2026
    risk 0.00cvss epss 0.01

    Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to read arbitrary files from within the application container.…

  • CVE-2026-26993Feb 20, 2026
    risk 0.00cvss epss 0.00

    Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization. By embedding malicious JavaScript within an SVG (or other active content…