CVE advisoryCRITICAL
CVE-2022-29351
Tiddlywiki5 Arbitrary File Upload Vulnerability
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An arbitrary file upload vulnerability in Tiddlywiki5's file upload module could allow attackers to execute arbitrary code via a crafted SVG file, though the vendor disputes this is a legitimate issue.