
18258 matches found

Cvelist
added 2026/04/17 9:10 p.m. | 19 views

CVE-2026-40321 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVSS 8 | EPSS 0.07598
Exploits 0 | References 2
ATTACKERKB
added 2026/04/17 9:10 p.m. | 4 views

CVE-2026-40321

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVSS 8 | AI score 5.7 | EPSS 0.07598
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2026/04/17 9:10 p.m. | 4 views

CVE-2026-40321 DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased ...

CVSS 8 | AI score 5.7 | EPSS 0.07598
Exploits 0 | References 2
CVE
added 2026/04/17 9:10 p.m. | 23 views

CVE-2026-40321

CVE-2026-40321 affects DotNetNuke (DNN). Versions prior to 10.2.2 allow stored cross-site scripting through specially crafted SVG uploads, enabling scripts to run in contexts for both authenticated and unauthenticated users; impact increases if the payload is executed by a power user. The issue i...

CVSS 8 | AI score 5.7 | EPSS 0.07598
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/04/17 8:51 p.m. | 3 views

CVE-2026-40301 rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

CVSS 4.7 | AI score 5.7 | EPSS 0.00271
Exploits 0 | References 3
Cvelist
added 2026/04/17 8:21 p.m. | 20 views

CVE-2026-35512 xrdp: Heap buffer overflow in EGFX channel

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

CVSS 8.7 | EPSS 0.00583
Exploits 0 | References 2
NVD
added 2026/04/17 5:16 p.m. | 3 views

CVE-2026-21733

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections...

CVSS 7.3 | EPSS 0.00099
Exploits 0 | References 1
CVE
added 2026/04/17 4:8 p.m. | 20 views

CVE-2026-21733

CVE-2026-21733 concerns a vulnerability in Imagination Technologies’ GPU driver where software running as a non-privileged user can perform improper GPU system calls due to incorrect handling of GPU memory reservation protections. The root cause is described as improper handling of GPU memory res...

CVSS 7.3 | AI score 5.8 | EPSS 0.00099
Exploits 0 | References 1
OSV
added 2026/04/17 1:4 p.m. | 6 views

OESA-2026-1993 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. CVE-2025-59375 Spoofing issue in Thunderbird. This vulnerability was fixed ...

CVSS 10 | AI score 6.8 | EPSS 0.01279
Exploits 1 | References 41
OSV
added 2026/04/17 1:0 p.m. | 8 views

OESA-2026-1921 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.5 | AI score 7 | EPSS 0.0051
Exploits 0 | References 12
OSV
added 2026/04/17 1:0 p.m. | 11 views

OESA-2026-1920 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.5 | AI score 6.7 | EPSS 0.0051
Exploits 0 | References 9
OSV
added 2026/04/17 12:59 p.m. | 10 views

OESA-2026-1917 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.5 | AI score 7 | EPSS 0.0051
Exploits 0 | References 12
SUSE CVE
added 2026/04/17 12:4 p.m. | 4 views

SUSE CVE-2026-6384

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

CVSS 7.3 | AI score 6.3 | EPSS 0.00252
Exploits 0 | References 3
Ubuntu
added 2026/04/17 9:26 a.m. | 8 views

USN-8184-1: Linux kernel (Real-time) vulnerabilities

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...

CVSS 9.8 | AI score 5.9 | EPSS 0.00378
Exploits 0
CNNVD
added 2026/04/17 12:0 a.m. | 10 views

Imagination Graphics DDK security vulnerability

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from improper handling of GPU memory retention protection. This vulnerability could allow software running with non-privileged...

CVSS 7.3 | AI score 5.8 | EPSS 0.00099
Exploits 0 | References 2
Positive Technologies
added 2026/04/17 12:0 a.m. | 12 views

PT-2026-33509

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An open source RDP server contains a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation. This occurs due to insufficient validation of client-controlled size...

CVSS 10 | AI score 6.3 | EPSS 0.00583
Exploits 0 | References 19
CNNVD
added 2026/04/17 12:0 a.m. | 13 views

xrdp security vulnerability

XRDPT is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of XRDPT prior to 0.10.5 contain security vulnerabilities. These vulnerabilities stem from insufficient validation of the size parameter in the EGX implementation, leading to a heap-based buffer overflow th...

CVSS 8.8 | AI score 6.3 | EPSS 0.00583
Exploits 0 | References 1
Tenable Nessus
added 2026/04/17 12:0 a.m. | 3 views

MiracleLinux 8 : thunderbird-140.9.0-1.el8_10.ML.1 (AXSA:2026-444:07)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-444:07 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR...

CVSS 10 | AI score 7.5 | EPSS 0.00676
Exploits 0 | References 40
Tenable Nessus
added 2026/04/17 12:0 a.m. | 3 views

Unity Linux 20.1070a Security Update: libpng (UTSA-2026-007285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007285 advisory. LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From 1.6.51 to 1.6.53, ther...

CVSS 7.1 | AI score 6.6 | EPSS 0.00224
Exploits 5 | References 4
Positive Technologies
added 2026/04/17 12:0 a.m. | 8 views

PT-2026-33462

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper handling of GPU memory reservation protections allows software installed and run as a non-privileged user to conduct improper GPU system calls. This can...

CVSS 7.3 | AI score 5.7 | EPSS 0.00099
Exploits 0 | References 5