shaneisrael CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

shaneisrael vulnerability overview

Aggregates CVE and security vulnerability intelligence across all shaneisrael-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk path handling, vendor risk sql injection, and vendor risk file inclusion; exposure may include vendor impact file overwrite in vendor surface software deployment contexts.

Vulnerability distribution trend (last 24 months)

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-34745 Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file (app/server/fireshare/api.py). An unauthenticated attacker can exploit the checkSum parameter to write arbitrary files with attacker-controlled content to any writable path on the server filesystem. This issue has been patched in versi [email protected] 9.1 0.62% 2026-04-02 2026-06-17
CVE-2026-33645 Fireshare facilitates self-hosted media and link sharing. In version 1.5.1, an authenticated path traversal vulnerability in Fireshare’s chunked upload endpoint allows an attacker to write arbitrary files outside the intended upload directory. The `checkSum` multipart field is used directly in filesystem path construction without sanitization or containment checks. This enables unauthorized file writes to attacker-chosen paths writable by the Fireshare process (e.g., container `/tmp`), violating [email protected] 7.1 0.43% 2026-03-26 2026-06-17
CVE-2025-67728 Fireshare facilitates self-hosted media and link sharing. Versions 1.2.30 and below allow an authenticated user, or unauthenticated user if the Public Uploads setting is enabled, to craft a malicious filename when uploading a video file. The malicious filename is then concatenated directly into a shell command, which can be used for uploading files to arbitrary directories via path traversal, or executing system commands for Remote Code Execution (RCE). This issue is fixed in version 1.3.0. [email protected] 9.8 0.59% 2025-12-12 2026-06-17
CVE-2025-55476 FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries. [email protected] 6.5 0.24% 2025-09-02 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence