1. Path traversal vuln exists in the LogBrowse module 2. Unrestricted thread creation in the built-in HTTP service may cause DOS 3. The guided HTTP endpoint lacks authentication and CSRF protection, enabling remote injection of Guided-mode waypoints. repository: [https://github.com/S1utbunny/missionplanner-bug-report](url)
repository: https://github.com/S1utbunny/missionplanner-bug-report