CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

914 matches found

CVE-2026-53929

NocoDB (pre-2026.05.1) is affected by a Stored Cross-Site Scripting vulnerability when NC_SECURE_ATTACHMENTS=true. An authenticated uploader could deliver .html or .svg attachments that the browser renders inline from the NocoDB origin due to a header-key casing mismatch (ResponseContentDispositi...

5.1CVSS5.8AI score0.00029EPSS

Exploits0References1

ATTACKERKB•added yesterday•2 views

CVE-2026-53929

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, with NCSECUREATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. The signed attachment handler stor...

5.1CVSS5.8AI score0.00029EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2 days ago•3 views

CVE-2026-53537

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=...,...

3.7CVSS5.9AI score0.00176EPSS

Exploits0References2Affected Software1

CVE•added 2 days ago•20 views

CVE-2026-53537

CVE-2026-53537 affects the Python-Multipart project. The issue arises because parse_options_header uses an email-based decoding path that applies RFC 2231/5987 extended parameter handling (e.g., filename*=…, name*=…), and surfaces these extended values under the plain filename/name keys, which ca...

3.7CVSS5.9AI score0.00176EPSS

Exploits0References1

Cvelist•added 2 days ago•29 views

CVE-2026-53537 Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

3.7CVSS0.00176EPSS

Exploits0References1

Debian CVE•added 2 days ago•5 views

CVE-2026-53537

3.7CVSS5.9AI score0.00176EPSS

Exploits0

AstraLinux•added 5 days ago•10 views

Astra Linux – Vulnerability in ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. A vulnerability was discovered in Sinatra 2.0 before versions 2.2.3 and 3.0 before version 3.0.4. The application is vulnerable to a reflected file download RFD attack, which causes the Content-Disposition header of a...

8.8CVSS6.9AI score0.00642EPSS

Exploits1References2

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in libsoup2.4

A flaw was discovered in libsoup, where the soupmessageheadersgetcontentdisposition function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function...

7.5CVSS7.2AI score0.00694EPSS

Exploits0References2

Positive Technologies•added 2026/06/17 12:0 a.m.•10 views

PT-2026-50475

Summary With NC SECURE ATTACHMENTS=true, an authenticated uploader could deliver .html or .svg attachments that the browser rendered inline from the NocoDB origin instead of forcing a download. Details The signed attachment handler stored response-header overrides under PascalCase keys...

5.1CVSS5.3AI score0.00029EPSS

Exploits0References4

OSV•added 2026/06/15 8:20 p.m.•4 views

GHSA-VFFW-93WF-4J4Q python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

Summary parseoptionsheader parsed Content-Disposition and Content-Type headers with email.message.Message, which transparently applies RFC 2231/5987 decoding. The extended parameter syntax filename=charset'lang'value, name=..., and the filename0/filename1 continuation form is decoded and surfaced...

3.7CVSS5.3AI score0.00176EPSS

Exploits0References2

Github Security Blog•added 2026/06/15 8:20 p.m.•10 views

python-multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters

3.7CVSS5.3AI score0.00176EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/15 12:0 a.m.•10 views

PT-2026-49569

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.30 Description The parse options header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...

3.7CVSS5.8AI score0.00176EPSS

Exploits0References4

OSV•added 2026/06/12 7:16 p.m.•6 views

DEBIAN-CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00325EPSS

Exploits0References1

Vulnrichment•added 2026/06/12 6:1 p.m.•125 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

8.7CVSS5.4AI score0.00325EPSS

Exploits0References7

Debian CVE•added 2026/06/12 6:1 p.m.•7 views

CVE-2026-12143

8.7CVSS5.4AI score0.00325EPSS

Exploits0

Positive Technologies•added 2026/06/12 12:0 a.m.•13 views

PT-2026-48950

Name of the Vulnerable Software and Affected Versions form-data versions prior to 2.5.6 form-data versions prior to 3.0.5 form-data versions prior to 4.0.6 Description The field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header withou...

8.7CVSS5.2AI score0.00325EPSS

Exploits0References12

NVD•added 2026/06/05 7:16 p.m.•9 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS0.00223EPSS

Exploits0References1