CVE-2026-29079

Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via an unsafe cast, corrupting th...

CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification

Kozea/CairoSVG 300K downloads/week has exponential denial of service via recursive element amplification in cairosvg/defs.py line 335. This causes CPU exhaustion from a small input...

rs-soroban-sdk 安全漏洞

rs-soroban-sdk is a Rust development toolkit open sourced by Stellar. Versions of rs-soroban-sdk prior to 22.0.11, 23.5.3, and 25.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the Fr type comparison values in BN254 and BLS12-381 were not subjected to...

CairoSVG 安全漏洞

CairoSVG is an SVG format conversion tool developed by Kozea. CairoSVG has a security vulnerability that stems from the recursive element being enlarged, which can lead to exponential denial-of-service attacks and result in CPU exhaustion...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

php: heap-based buffer overflow in array_merge()

A flaw was found in PHP. A heap-based buffer overflow occurs in the arraymerge function when the total element count of packed arrays exceeds the 32-bit limit or the internal HTMAXSIZE due to an integer overflow in the precomputation of element counts using the zendhashnumelements function, causi...

GHSA-G7J6-FMWX-7VP8 CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

The ElementSearchController::actionSearch endpoint is missing the unset protection that was added to ElementIndexesController in GHSA-2453-mppf-46cj. The exact same SQL injection vulnerability including criteriaorderBy, the original advisory vector works on this controller because the fix was nev...

Craft CMS SQL注入漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS prior to 5.9.9 had a SQL injection vulnerability. This vulnerability stemmed from insufficient input sanitization in the ElementSearchController::actionSearch endpoint, which could lead to SQL...

SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

GHSA-5HC8-QMG8-PW27 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

CVE-2026-31807

SiYuan: CVE-2026-31807 is a real issue in SVG sanitization prior to v3.5.10. The SVG sanitizer fails to block animation elements (e.g., /) in /api/icon/getDynamicIcon (type=8), allowing injection of JavaScript and a reflected XSS. Nuclei templates detail the exact vector: unauthenticated access t...

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

CVE-2026-2713 IBM Trusteer Rapport installer affected by uncontrolled search path element vulnerability

IBM Trusteer Rapport installer 3.5.2309.290 IBM Trusteer Rapport could allow a local attacker to execute arbitrary code on the system, caused by DLL uncontrolled search path element vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this...

EUVD-2025-208500

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

CVE-2025-13902

CVE-2025-13902 describes a Cross-site Scripting (CWE-79) vulnerability that can allow an authenticated attacker to cause a victim’s browser to execute arbitrary JavaScript when the victim visits a page containing a crafted element with the injected payload. The CVSS score is 5.1 (Medium) with NET...