Lucene search
K

18319 matches found

OSV
OSV
added 2026/03/30 12:0 a.m.5 views

ALSA-2026:6188 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and...

10CVSS7.2AI score0.00773EPSS
Exploits0References80
RedhatCVE
RedhatCVE
added 2026/03/29 6:0 p.m.6 views

CVE-2026-4980

A vulnerability was found in Inkscape due to improper handling of XInclude elements in SVG files. The application processes xi:include directives without restricting access to local resources, allowing external file references such as file:// URIs to be included during document processing. An...

6.3CVSS5.7AI score0.00202EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2026/03/29 8:2 a.m.4 views

LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`

...

7.5CVSS5.8AI score0.01052EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.7 views

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2026:1127-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1127-1 advisory. Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component -...

10CVSS6.5AI score0.01279EPSS
Exploits1References78
FreeBSD
FreeBSD
added 2026/03/29 12:0 a.m.7 views

Roundcube -- SVG Attribute Bypass

The Roundcube project reports:...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/28 6:26 p.m.6 views

SUSE CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.5 views

CVE-2026-5026

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS5.9AI score0.00155EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/03/28 1:48 a.m.8 views

GHSA-2QVQ-RJWJ-GVW9 vulnerabilities

Vulnerabilities for packages: ts-patch, rancher-api-ui, nextcloud-server, tileserver-gl, opensearch-dashboards, lerna, prism...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too small numfences, or the required...

5.5CVSS6.1AI score0.00121EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/27 9:27 p.m.6 views

CVE-2026-4985

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgifaddframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier ...

5.3CVSS4.7AI score0.00492EPSS
Exploits0
OSV
OSV
added 2026/03/27 5:19 p.m.2 views

SUSE-SU-2026:20978-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...

10CVSS6.4AI score0.01279EPSS
Exploits1References40
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2026-16659

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 3:17 p.m.3 views

DEBIAN-CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.4AI score0.00202EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 3:17 p.m.4 views

UBUNTU-CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.8AI score0.00202EPSS
Exploits1References4
CVE
CVE
added 2026/03/27 2:50 p.m.28 views

CVE-2026-4980

CVE-2026-4980 concerns Inkscape’s XInclude processing, where a crafted SVG with malicious xi:include tags can cause a local file disclosure. The connected CVE records identify the affected software as Inkscape 1.1 prior to 1.3, and describe the root cause as an improper handling of XML External E...

6.3CVSS5.9AI score0.00202EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/27 2:50 p.m.3 views

CVE-2026-4980

A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...

6.3CVSS5.4AI score0.00202EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/27 2:50 p.m.25 views

CVE-2026-5026 Langflow - Stored XSS via Malicious SVG Upload

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:50 p.m.4 views

CVE-2026-5026

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS5.9AI score0.00155EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/03/27 2:43 p.m.3 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4686:...

8.8CVSS6.4AI score0.01279EPSS
Exploits1References78
OSV
OSV
added 2026/03/27 2:43 p.m.1 views

SUSE-SU-2026:1127-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...

10CVSS6.4AI score0.01279EPSS
Exploits1References40
Rows per page
Query Builder