CVE-2025-66520 Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

CVE-2021-40753

Adobe After Effects version 18.4.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a...

The vulnerability of Thunderbird software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability exists in the ConvolveHorizontally function of Skia for Mozilla Firefox, Firefox ESR, and Thunderbird, due to improper graphics data unloading when this function is executed. Exploiting this vulnerability allows malicious actors to execute arbitrary code, leading to prolonged...