Lucene search
+L
VulnrichmentRecent

163634 matches found

vulnrichment
vulnrichment
added 2026/06/12 8:30 p.m.8 views

CVE-2026-54394 MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...

5.3CVSS5.5AI score0.00319EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:30 p.m.9 views

CVE-2026-12129 CodeAstro Human Resource Management System Dashboard add_tod cross site scripting

A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/addtod of the component Dashboard Interface. The manipulation of the argument tododata leads to cross site scripting. The attack may be...

5.1CVSS3.5AI score0.00203EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/12 8:26 p.m.12 views

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:26 p.m.9 views

CVE-2026-47263 Discourse: Prevent webhook payload disclosure on event redelivery

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /webhookevents/ in Jobs::RedeliverWebHookEvents did not pass groupids, leaving the channel...

4.3CVSS5.2AI score0.00211EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:25 p.m.10 views

CVE-2026-45775 Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS5.1AI score0.00323EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:25 p.m.10 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:24 p.m.9 views

CVE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user wi...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:23 p.m.10 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:23 p.m.8 views

CVE-2026-44783 Discourse: Replying to a whisper lets non-whisperers create staff-only whisper posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper posts are handled allows authenticated users outside the groups configured in...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:23 p.m.9 views

CVE-2026-44782 Discourse: GroupPostSerializer leaks hidden full names through reaction post association

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared includeuserlongname? as the predicate for its :name attribute, but AMS looks for includename?...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:22 p.m.10 views

CVE-2026-44780 Discourse: Category queue reviewers can read raw incoming emails from queued posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:22 p.m.32 views

CVE-2026-44779 Discourse: Bot debug endpoints disclose whisper translation audit logs

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit logs. This issue has been patched in versions 2026.1.4, 2026.3.1,...

4.3CVSS5.2AI score0.00235EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:22 p.m.8 views

CVE-2026-44786 Discourse: Public chat MessageBus broadcasts are not restricted to chat-eligible users

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are published to MessageBus without permission scoping, so any MessageBus...

7.5CVSS5.2AI score0.00259EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:21 p.m.7 views

CVE-2026-54393 MISP Overmind theme stored XSS via unvalidated homepage setting

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal, bypassing the normal setSetting validation logic, including validatehomepage, which requires homepage...

5.1CVSS5.2AI score0.00377EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:8 p.m.9 views

CVE-2026-54362 MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom access-control condition intended to restrict galaxies to those owned by the user’s organisation or...

5.3CVSS5.3AI score0.00207EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:7 p.m.10 views

CVE-2026-54057 Kitty vulnerable to command injection via unsanitized OSC 21 query reply

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...

7.3CVSS5.2AI score0.00166EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/06/12 8:6 p.m.8 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.6AI score0.00268EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/06/12 8:3 p.m.6 views

CVE-2026-54055 Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running in the terminal can write to arbitrary files on the filesystem by exploiting a TOCTOU...

5CVSS5.5AI score0.00072EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:0 p.m.9 views

CVE-2026-42851 @kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with cat, a log line, an email body rendered in less, an issue body in a TUI, etc. — can cause kitty to execute...

7.8CVSS5.5AI score0.00164EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/06/12 7:59 p.m.9 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.1AI score0.00262EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 7:59 p.m.13 views

CVE-2026-42850 Kitty has a shell command injection

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

7.4CVSS5.5AI score0.00287EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/06/12 7:51 p.m.9 views

CVE-2026-54360 MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.3AI score0.00226EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 7:44 p.m.8 views

CVE-2026-54359 MISP automation endpoints may be exposed to CSRF when Sec-Fetch-Site protection is disabled by default

MISP contains an insecure default configuration in which the Security.checksecfetchsiteheader control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are not restricted based on the browser-provided Sec-Fetch-Site header. A remote...

7.1CVSS5.2AI score0.00189EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 7:34 p.m.9 views

CVE-2026-54358 MISP organization administrators can target site administrator accounts for password reset

An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code restricted organization administrators to users within their own...

7.5CVSS5.3AI score0.00229EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 7:25 p.m.14 views

CVE-2026-54357 MISP improper authorization allows organization administrators to modify site administrator user settings

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS5.3AI score0.00254EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 7:5 p.m.7 views

CVE-2026-43872 actual-server has a path traversal vulnerability

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:58 p.m.12 views

CVE-2026-42890 actual Allows Electron to Run As Node

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:51 p.m.9 views

CVE-2026-50552 Koel: Server-Side Request Forgery (SSRF) in radio station creation due to missing validation bail

Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery SSRF vulnerability in the radio station creation endpoint POST /api/radio/stations. The url field validation rules are declared without the bail keyword, so the...

6.3CVSS5.4AI score0.0016EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:50 p.m.12 views

CVE-2026-47260 Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:44 p.m.8 views

CVE-2026-50287 Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7CVSS5.3AI score0.00359EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 6:42 p.m.15 views

CVE-2026-42604 Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config`

Actual is a local-first personal finance tool. The POST /openid/config endpoint in Actual Budget's sync-server versions = 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 clientsecret—to any caller who knows the bootstrap password. The endpoint also lacks authentication a...

9.1CVSS5.3AI score0.004EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:37 p.m.10 views

CVE-2026-53726 Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS5.4AI score0.00276EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:35 p.m.11 views

CVE-2026-12043 Heap double-free in AWS Common Runtime aws-c-http

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

8.8CVSS5.9AI score0.00351EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:35 p.m.10 views

CVE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.5, apps that enable MFA and deny get on the User class via Class-Level Permissions could expose sensitive user data through the /login and...

5.9CVSS5.2AI score0.00251EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:34 p.m.13 views

CVE-2026-53724 Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4, the default file upload extension blocklist can be bypassed by appending a trailing dot to a filename whose extension would otherwise be blocked e.g...

2.1CVSS5.1AI score0.00281EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:24 p.m.13 views

CVE-2026-50099 Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.00171EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:22 p.m.11 views

CVE-2026-50008 Parse Server: Server option routeAllowList is bypassable through batch sub-requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:22 p.m.13 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS5.5AI score0.00238EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:22 p.m.12 views

CVE-2026-47138 Parse Server: Pre-authentication denial of service via client version header regex backtracking

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains...

8.7CVSS5.3AI score0.00584EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:21 p.m.12 views

CVE-2026-47248 Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL...

6.9CVSS5.2AI score0.00291EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:21 p.m.19 views

CVE-2026-50244 Naxclow IoT Platform Missing Authorization

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied account identifier, without validating any ownership relationship. Each call mints a new sequential device identifier and returns the current high-water...

6.9CVSS5.4AI score0.00221EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:17 p.m.11 views

CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...

6.9CVSS5.2AI score0.00233EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:13 p.m.12 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS5.5AI score0.00312EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:11 p.m.11 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.2AI score0.00183EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:10 p.m.21 views

CVE-2026-50108 Naxclow IoT Platform Missing Authorization

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary devices and register o...

8.7CVSS5.5AI score0.00306EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:9 p.m.11 views

CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.2AI score0.00104EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 6:8 p.m.15 views

CVE-2026-41568 Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...

6.1CVSS5.3AI score0.00108EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 6:7 p.m.13 views

CVE-2026-50101 Naxclow IoT Platform Not using password aging

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any exposure path can maintai...

9.2CVSS5.3AI score0.00281EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:3 p.m.12 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS5.5AI score0.0033EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:1 p.m.185 views

CVE-2026-12143 form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References7
Total number of security vulnerabilities163634