Lucene search
K

18324 matches found

Cvelist
Cvelist
added 2026/03/27 2:50 p.m.25 views

CVE-2026-5026 Langflow - Stored XSS via Malicious SVG Upload

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:50 p.m.4 views

CVE-2026-5026

The '/api/v1/files/images/flowid/filename' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users, leadi...

7CVSS5.9AI score0.00155EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/03/27 2:43 p.m.3 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4686:...

8.8CVSS6.4AI score0.01279EPSS
Exploits1References78
OSV
OSV
added 2026/03/27 2:43 p.m.1 views

SUSE-SU-2026:1127-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...

10CVSS6.4AI score0.01279EPSS
Exploits1References40
SUSE Linux
SUSE Linux
added 2026/03/27 2:42 p.m.10 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component CVE-2026-4686:...

8.8CVSS6.4AI score0.01279EPSS
Exploits1References78
OSV
OSV
added 2026/03/27 2:42 p.m.2 views

SUSE-SU-2026:1126-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...

10CVSS6.4AI score0.01279EPSS
Exploits1References40
OSV
OSV
added 2026/03/27 2:3 p.m.7 views

OESA-2026-1715 gegl04 security update

GEGL provides infrastructure to do demand based cached non destructive image editing on larger than RAM buffers. Through babl, it provides support for a wide range of color models and pixel storage formats for input and output. Security Fixes: CVE-2026-2049 CVE-2026-2050...

7.8CVSS7.1AI score0.00615EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 2:2 p.m.3 views

OESA-2026-1706 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.CVE-2025-59375 Race...

10CVSS6.6AI score0.01279EPSS
Exploits1References39
OSV
OSV
added 2026/03/27 12:32 p.m.4 views

OPENSUSE-SU-2026:20439-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR MFSA 2026-22, bsc1260083: - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-468...

10CVSS5.9AI score0.01279EPSS
Exploits1References39
NVD
NVD
added 2026/03/27 12:16 p.m.4 views

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

5.4CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/27 11:55 a.m.25 views

CVE-2026-25100 Stored XSS via SVG File Upload in Bludit

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its image upload functionality. An authenticated attacker with content upload privileges such as Author, Editor, or Administrator can upload an SVG file containing a malicious payload, which is executed when a victim visits the URL of the...

4.8CVSS0.0019EPSS
Exploits0References2
Fedora
Fedora
added 2026/03/27 12:50 a.m.9 views

[SECURITY] Fedora 42 Update: vtk-9.2.6-38.fc42

VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms e.g., surface reconstruction, implicit modeling, decimation and rendering techniques e.g., hardware-accelerated volume rendering, LOD control. NOTE: T...

8.6CVSS5.8AI score0.00144EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.13 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit 3.18.2 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw in the image upload function, which could allow...

8.8CVSS5.6AI score0.01919EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.13 views

PT-2026-28740

The '/api/v1/files/images/flow id/file name' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an attacker can upload a malicious SVG that executes arbitrary JavaScript when viewed by other users,...

7CVSS5.9AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 5:16 p.m.3 views

CVE-2026-33636

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...

7.6CVSS0.00585EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/26 4:51 p.m.1 views

CVE-2026-33636

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit...

7.6CVSS6AI score0.00585EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:48 p.m.11 views

CVE-2026-33416

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. In versions 1.2.1 through 1.6.55, pngsettRNS and pngsetPLTE each alias a heap-allocated buffer between pngstruct and pnginfo, sharing a single allocation acros...

7.5CVSS5.9AI score0.01052EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2026/03/26 4:48 p.m.60 views

CVE-2026-33416

CVE-2026-33416 concerns libpng: in versions 1.2.1 through 1.6.55, png_set_tRNS and png_set_PLTE alias a 256-byte and a 768-byte heap buffer between png_struct and png_info, respectively. Freeing via PNG_FREE_TRNS/PNG_FREE_PLTE frees through info_ptr while png_ptr remains dangling, causing potenti...

7.5CVSS5.9AI score0.01052EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-21732

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

9.6CVSS5.9AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4016

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svginprocess of the file src/filters/loadsvg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has...

5.3CVSS5.3AI score0.00115EPSS
Exploits0References1
Rows per page
Query Builder