Lucene search
+L

1251 matches found

EUVD
EUVD
added 2026/03/10 11:49 p.m.6 views

EUVD-2026-10892

SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/10 11:49 p.m.5 views

SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/10 11:49 p.m.2 views

GHSA-5HC8-QMG8-PW27 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

6.4CVSS5.9AI score0.00445EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/10 8:56 p.m.32 views

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS0.00445EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/10 8:56 p.m.2 views

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References1
CVE
CVE
added 2026/03/10 8:56 p.m.18 views

CVE-2026-31807

SiYuan: CVE-2026-31807 is a real issue in SVG sanitization prior to v3.5.10. The SVG sanitizer fails to block animation elements (e.g., /) in /api/icon/getDynamicIcon (type=8), allowing injection of JavaScript and a reflected XSS. Nuclei templates detail the exact vector: unauthenticated access t...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/10 8:56 p.m.3 views

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

7.2CVSS5.8AI score0.19769EPSS
In wildExploits1References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/20 12:0 a.m.8 views

RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...

7.2CVSS5.1AI score0.19769EPSS
In wildExploits1
EUVD
EUVD
added 2026/01/12 5:56 a.m.8 views

EUVD-2026-1962

Malicious code in tailwindcss-animate-tool npm...

6.6AI score
Exploits0References1
OSV
OSV
added 2026/01/12 5:56 a.m.6 views

MAL-2026-235 Malicious code in tailwindcss-animate-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/12 5:56 a.m.14 views

Malicious code in tailwindcss-animate-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.11 views

CVE-2019-7960

Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading dll hijacking vulnerability. Successful exploitation could lead to privilege escalation...

7.8CVSS6.8AI score0.00777EPSS
Exploits0References1
CVE
CVE
added 2025/12/24 7:27 p.m.17 views

CVE-2019-25240

Rifatron 5brid DVR suffers an unauthenticated vulnerability in the animate.cgi script that enables unauthorized access to live video streams via the Mobile Web Viewer by specifying channel numbers. Affected versions include HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Root cause is the...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.5 views

CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.32 views

CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...

9.8CVSS0.00406EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.10 views

Rifatron 5brid DVR 安全漏洞

Rifatron 5brid DVR is a 5-in-1 hybrid digital video recorder from Rifatron, a South Korean company. A security vulnerability exists in the Rifatron 5brid DVR that stems from the presence of unauthenticated access to the animate.cgi script, which could lead to the acquisition of live video streams...

9.8CVSS6.7AI score0.00406EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.7 views

PT-2025-53326

Name of the Vulnerable Software and Affected Versions Rifatron 5brid DVR versions HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504 Description The Rifatron 5brid DVR contains a flaw in the animate.cgi script that permits unauthorized access to live video streams. An attacker can leverage th...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References5
Mageia
Mageia
added 2025/12/22 11:57 p.m.9 views

Updated roundcubemail packages fix security vulnerabilities

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...

7.5CVSS6.5AI score0.19769EPSS
Exploits1References2
OSV
OSV
added 2025/12/22 11:57 p.m.9 views

MGASA-2025-0332 Updated roundcubemail packages fix security vulnerabilities

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...

7.5CVSS6.4AI score0.19769EPSS
Exploits1References3
Rows per page
Query Builder