Lucene search
K

928 matches found

OSV
OSV
added 2026/05/14 8:17 p.m.10 views

GHSA-M8F9-9WHG-F4XR Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Summary The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...

8.7CVSS6.2AI score0.0018EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/14 8:17 p.m.12 views

Open WebUI has stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Summary The audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serves these files via FileResponse, which sets Content-Type from the on-disk extension and emits no...

8.7CVSS6.2AI score0.0018EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - [email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser...

7.5CVSS5.4AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 10:16 a.m.7 views

DEBIAN-CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.15 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS0.00335EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:35 a.m.6 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 8:35 a.m.39 views

CVE-2026-8159 multiparty vulnerable to ReDoS via filename parsing

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS0.00335EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/12 8:35 a.m.13 views

CVE-2026-8159

[email protected] and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a long header value can cause regex matching to take seconds, blocking the event loop. Impact: any...

7.5CVSS5.8AI score0.00335EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-39996

Name of the Vulnerable Software and Affected Versions multiparty versions prior to 4.3.0 Description A denial of service issue exists due to regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload containing a long header value can cause...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References10
Brave Browser
Brave Browser
added 2026/05/07 4:17 a.m.14 views

Brave Desktop 1.90.121 Security Fixes

Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. - Fixed broken address bar layout for narrow window widths. - Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...

5.8AI score
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007287)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007287 advisory. Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header...

7.5CVSS6.6AI score0.00378EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

8.7CVSS5.9AI score0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 9:16 p.m.11 views

CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

8.7CVSS0.00413EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/06 8:8 p.m.20 views

CVE-2026-35213 Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

8.7CVSS0.00413EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/06 8:8 p.m.16 views

CVE-2026-35213

@hapi/content provided HTTP Content- headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns...

8.7CVSS5.9AI score0.00413EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/04 4:23 a.m.1 views

GHSA-JG4P-7FHP-P32P @hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This has been...

8.7CVSS5.5AI score0.00413EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/04 4:23 a.m.12 views

Regular Expression Denial of Service (ReDoS)

Overview @hapi/content is a HTTP Content- headers parsing Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the Content-Type and Content-Disposition header parsing. An attacker can cause the application to become unresponsive by sending a singl...

8.7CVSS5.9AI score0.00413EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/04 4:23 a.m.9 views

@hapi/content: Regular Expression Denial of Service (ReDoS) in HTTP header parsing

All versions of @hapi/content through 6.0.0 are vulnerable to Regular Expression Denial of Service ReDoS via crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition headers contain patterns susceptible to catastrophic backtracking. This has been...

8.7CVSS5.4AI score0.00413EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/02 8:30 p.m.1 views

GHSA-V6X5-CG8R-VV6X Rack's multipart header parsing allows Denial of Service via escape-heavy quoted parameters

Summary Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with Stringslice! prefix deletion. For escape-heavy quoted values, this causes super-linear processing. An unauthenticat...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 6:28 p.m.2 views

GHSA-QFC3-HM4J-7Q77 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

8.9CVSS5.9AI score0.00249EPSS
Exploits0References3
Rows per page
Query Builder