Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Snyk
Snykadded 2026/05/13 5:22 p.m.7 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the Root.fromJSON or Namespace.addJSON functions. An attacker can cause resource exhaustion and disrupt service availability by submitting a crafted JSON descriptor with deeply nested namespace definitions...

7.5CVSS5.8AI score0.00058EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/02/20 7:39 p.m.3 views

CVE-2026-27013

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS6AI score0.00056EPSS
Exploits1References1
NVD
NVDadded 2026/02/19 8:25 p.m.4 views

CVE-2026-27013

Fabric.js is a Javascript HTML5 canvas library. Prior to version 7.2.0, Fabric.js applies escapeXml to text content during SVG export src/shapes/Text/TextSVGExportMixin.ts:186 but fails to apply it to other user-controlled string values that are interpolated into SVG attribute markup. When...

7.6CVSS0.00056EPSS
Exploits1References3
CVE
CVEadded 2026/02/19 7:38 p.m.12 views

CVE-2026-27013

Fabric.js prior to 7.2.0 is vulnerable to stored XSS when user-supplied JSON is loaded via loadFromJSON() and later exported to SVG with toSVG(). The issue arises because several SVG attributes (notably id on wrappers and xlink:href values for images and patterns) interpolate user-controlled str...

7.6CVSS6AI score0.00056EPSS
Exploits1References3Affected Software1
Snyk
Snykadded 2026/02/18 10:44 p.m.2 views

Cross-site Scripting (XSS)

Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the loadFromJSON function, which is used in the FabricObjectSVGExportMixin class to deserialize...

7.6CVSS5.3AI score0.00056EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2025-31334

Malicious code in bioql PyPI...

4.8CVSS4.3AI score0.00031EPSS
Exploits1References8
Vulnrichment
Vulnrichmentadded 2025/09/26 11:32 a.m.4 views

CVE-2025-11011 BehaviorTree json_export.cpp fromJson null pointer dereference

A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/jsonexport.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been...

4.8CVSS6.2AI score0.00031EPSS
Exploits1References7
RedHat Linux
RedHat Linuxadded 2025/07/01 2:30 p.m.2 views

json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)

A flaw was found in the JSON-smart library. In affected versions, specially crafted JSON input may trigger stack exhaustion, potentially leading to an application crash or denial of service. This issue exists due to an incomplete fix for CVE-2023-1370...

7.5CVSS7.1AI score0.00058EPSS
Exploits1References6
Rows per page
Query Builder