Lucene search
K

920 matches found

CVE
CVE
added yesterday11 views

CVE-2026-13323

Open VSX Registry before 1.0.2 is affected by a vulnerability in the /vscode/unpkg/ endpoint that serves user-supplied HTML with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition header. An unauthenticated attacker can create a publisher account, upload a VSIX c...

4.1CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-53537

A flaw was found in Python-Multipart. This vulnerability allows a remote attacker to bypass security controls by exploiting a difference in how Content-Disposition and Content-Type headers are parsed. Specifically, the parseoptionsheader function incorrectly applies RFC 2231/5987 decoding, which ...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 9:17 p.m.9 views

CVE-2026-53929

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

5.1CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 7:44 p.m.14 views

CVE-2026-53929

NocoDB (pre-2026.05.1) is affected by a Stored Cross-Site Scripting vulnerability when NC_SECURE_ATTACHMENTS=true. An authenticated uploader could deliver .html or .svg attachments that the browser renders inline from the NocoDB origin due to a header-key casing mismatch (ResponseContentDispositi...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:44 p.m.5 views

CVE-2026-53929

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

5.1CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 4:57 p.m.31 views

CVE-2026-53537 Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:57 p.m.4 views

CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00177EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 4:57 p.m.27 views

CVE-2026-53537

Python-Multipart: Prior to 0.0.30, parse_options_header could decode RFC 2231/5987 extended parameters (filename*=, name*=, etc.) via email.message, leading to the filename/field name being surfaced in ways that RFC 7578 forbids. This allowed parameter smuggling where an attacker could bypass ups...

5.3CVSS5.9AI score0.00177EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 4:57 p.m.6 views

CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

5.3CVSS5.9AI score0.00177EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. A vulnerability was discovered in Sinatra 2.0 before versions 2.2.3 and 3.0 before version 3.0.4. The application is vulnerable to a reflected file download RFD attack, which causes the Content-Disposition header of a...

8.8CVSS6.9AI score0.00642EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag. This could potentially make a website vulnerable to a cross-site scripting attack. This vulnerability has been fixed in Firefox 140, Firefox ESR 128.12,...

6.1CVSS6.1AI score0.00215EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could lead to reflected file download attacks that potentially trick users into installing malware. This vulnerability affects Firefox 112, Focu...

8.8CVSS7.1AI score0.00737EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50475

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description When NC SECURE ATTACHMENTS is set to true, an authenticated uploader can upload .html or .svg attachments that the browser renders inline from the NocoDB origin instead of forcing a download. This...

5.1CVSS5.7AI score0.00288EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 8:20 p.m.6 views

GHSA-VFFW-93WF-4J4Q python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...

3.7CVSS5.3AI score0.00177EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:20 p.m.15 views

python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...

5.3CVSS5.3AI score0.00177EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49569

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The parse options header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References11
OSV
OSV
added 2026/06/12 7:16 p.m.7 views

DEBIAN-CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:1 p.m.148 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/12 6:1 p.m.7 views

CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0
Rows per page
Query Builder