928 matches found
GHSA-M8F9-9WHG-F4XR Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
Summary The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...
Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions
Summary The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...
Linux Distros Unpatched Vulnerability : CVE-2026-8159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser...
DEBIAN-CVE-2026-8159
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
CVE-2026-8159
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
CVE-2026-8159
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
CVE-2026-8159
[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...
PT-2026-39996
Name of the Vulnerable Software and Affected Versions multiparty versions prior to 4.3.0 Description A denial of service issue exists due to regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload containing a long header value can cause...
Brave Desktop 1.90.121 Security Fixes
Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. - Fixed broken address bar layout for narrow window widths. - Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...
Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007287)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007287 advisory. Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header...
CVE-2026-35213
@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...
CVE-2026-35213
@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...
CVE-2026-35213 Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing
@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...
CVE-2026-35213
@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...
GHSA-JG4P-7FHP-P32P @hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing
All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This has been...
Regular Expression Denial of Service (ReDoS)
Overview @hapi/content is a HTTP Content- headers parsing Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the Content-Type and Content-Disposition header parsing. An attacker can cause the application to become unresponsive by sending a singl...
@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing
All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This has been...
GHSA-V6X5-CG8R-VV6X Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters
Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...
GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...