Titan Wall of Fame

Vulnerabilities discovered by Titan's AI agent in open source projects.

All advisories are also listed on our advisories page.

  • TITAN-2026-001 · Critical · CVE Pending · 2026-03-02

    Authentication Bypass via Missing Await in TUS Upload Endpoint

    A missing `await` keyword on `getServerSession()` in Papermark's TUS file upload endpoint causes a complete authentication bypass, allowing unauthenticated attackers to upload arbitrary files up to 2 GB.

    Papermark · CVSS 9.8

  • TITAN-2026-002 · Medium · CVE Pending · 2026-03-04

    Open Redirect in Stripe Payment and Feishu Calendar OAuth Callbacks

    User-controlled redirect URLs from the OAuth state parameter are passed directly to `res.redirect()` without `getSafeRedirectUrl()` validation in Stripe Payment and Feishu Calendar callback handlers, allowing redirection to arbitrary external domains.

    Cal.com · CVSS 6.1


© 2026 Titan Security Labs, Inc. All rights reserved.