Titan
PricingPentest
Log in

Security Advisories

Vulnerability disclosures from Titan Security Research.

TITAN-2026-001Critical
2026-03-02

Authentication Bypass via Missing Await in TUS Upload Endpoint

A missing `await` keyword on `getServerSession()` in Papermark's TUS file upload endpoint causes a complete authentication bypass, allowing unauthenticated attackers to upload arbitrary files up to 2 GB.

PapermarkCVSS 9.8
TITAN-2026-002Medium
2026-03-04

Open Redirect in Stripe Payment and Feishu Calendar OAuth Callbacks

User-controlled redirect URLs from the OAuth state parameter are passed directly to res.redirect() without getSafeRedirectUrl() validation in Stripe Payment and Feishu Calendar callback handlers, allowing redirection to arbitrary external domains.

Cal.comCVSS 6.1

AI-powered application security that finds real vulnerabilities.

Product

  • Security Agent
  • PR Integration
  • AI Autofix
  • Custom Context
  • Pricing

Services

  • Managed Pentesting

Solutions

  • Application Security
  • DevSecOps
  • Compliance
  • For Security Engineers
  • For Developers
  • For CISOs

Company

  • About
  • Wall of Fame
  • Blog
  • Contact

Legal

  • Privacy Policy
  • Terms of Service

© 2026 Titan Security Labs, Inc. All rights reserved.

PrivacyTerms[email protected]