18334 matches found

NVD
added 2026/03/12 6:16 p.m., 14 views

CVE-2026-32139

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

CVSS 5.4, EPSS 0.002
Exploits: 1, References: 1

OSV
added 2026/03/12 5:57 p.m., 12 views

CVE-2026-32139 Dataease: Unfiltered active SVG content leads to Stored XSS

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

CVSS 5.3, AI score 6, EPSS 0.002
Exploits: 1, References: 3

Vulnrichment
added 2026/03/12 5:57 p.m., 15 views

CVE-2026-32139 Dataease: Unfiltered active SVG content leads to Stored XSS

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

CVSS 5.3, AI score 6, EPSS 0.002
Exploits: 1, References: 1

CVE
added 2026/03/12 5:57 p.m., 10 views

CVE-2026-32139

DataEase is an open-source data visualization tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. Backend validation only checks that the XML is parseable and that the root node is svg, and does not sanitize active content (e.g., onload/onerror event ha...

CVSS 5.4, AI score 5.9, EPSS 0.002
Exploits: 1, References: 1, Affected Software: 1

EUVD
added 2026/03/12 5:57 p.m., 24 views

EUVD-2026-11649

Dataease is an open source data visualization analysis tool. In DataEase 2.10.19 and earlier, the static resource upload interface allows SVG uploads. However, backend validation only checks whether the XML is parseable and whether the root node is svg. It does not sanitize active content such as...

CVSS 5.3, AI score 5.9, EPSS 0.002
Exploits: 1, References: 1

OSV
added 2026/03/12 2:48 p.m., 4 views

BIT-PARSE-2026-30948 Parse Server has stored cross-site scripting (XSS) via SVG file upload

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2 and 8.6.17, a stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with Content-Type...

CVSS 8.3, AI score 5.7, EPSS 0.00216
Exploits: 0, References: 4

GitHub Security Blog
added 2026/03/12 2:11 p.m., 6 views

ImageMagick has stack write buffer overflow in MNG encoder

A stack buffer overflow vulnerability exists in the MNG encoder. A bounds check is missing, which could corrupt the stack with attacker-controlled data. ==2265506==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffec4971310 at pc 0x55e671b8a072 bp 0x7ffec4970f70 sp...

CVSS 6.9, AI score 6.1, EPSS 0.00096
Exploits: 0, References: 4, Affected Software: 19

SUSE Linux
added 2026/03/12 10:18 a.m., 9 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.8 MFSA 2026-17 bsc1258568: CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component CVE-2026-2758: Use-after-free in the JavaScript: GC component CVE-2026-2759: Incorrect boundary...

CVSS 8.8, AI score 5.8, EPSS 0.00604
Exploits: 0, References: 76

OSV
added 2026/03/12 9:15 a.m., 4 views

UBUNTU-CVE-2026-4016

A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svginprocess of the file src/filters/loadsvg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has...

CVSS 5.3, AI score 5.2, EPSS 0.00115
Exploits: 0, References: 9

RedHat Linux
added 2026/03/12 8:19 a.m., 3 views

firefox: thunderbird: Use-after-free in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Graphics: ImageLib component...

CVSS 9.8, AI score 5.7, EPSS 0.00318
Exploits: 0, References: 6

RedHat Linux
added 2026/03/12 8:19 a.m., 2 views

firefox: thunderbird: Sandbox escape in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Graphics: WebRender component...

CVSS 10, AI score 5.7, EPSS 0.00395
Exploits: 0, References: 6

RedHat Linux
added 2026/03/12 8:19 a.m., 2 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: ImageLib component...

CVSS 9.8, AI score 5.7, EPSS 0.00395
Exploits: 0, References: 6

CNNVD
added 2026/03/12 12:0 a.m., 6 views

DataEase cross-site scripting vulnerability

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.19 and earlier contained a cross-site scripting...

CVSS 5.4, AI score 5.7, EPSS 0.002
Exploits: 1, References: 1

CNNVD
added 2026/03/12 12:0 a.m., 9 views

GPAC buffer error vulnerability

GPAC is an open-source multimedia framework developed by GPAC. The GPAC 26.03-DEV version contains a buffer error vulnerability, which stems from an out-of-bounds write operation in the function svinprocess of the SVG Parser component’s src/filters/loadsvg.c file...

CVSS 5.3, AI score 6.2, EPSS 0.00115
Exploits: 0, References: 7

Vulnrichment
added 2026/03/11 10:4 p.m., 2 views

CVE-2026-3931

Heap buffer overflow in Skia in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

AI score 6.1, EPSS 0.0025
Exploits: 0, References: 2

Cvelist
added 2026/03/11 7:52 p.m., 24 views

CVE-2026-32095 Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVSS 5.4, EPSS 0.00136
Exploits: 0, References: 1

Vulnrichment
added 2026/03/11 7:52 p.m., 3 views

CVE-2026-32095 Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVSS 5.4, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 1

EUVD
added 2026/03/11 7:52 p.m., 6 views

EUVD-2026-11334

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVSS 5.4, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 1

OSV
added 2026/03/11 7:52 p.m., 2 views

CVE-2026-32095 Plunk has Stored Cross-Site Scripting (XSS) via SVG File Upload

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1...

CVSS 5.4, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 3

SUSE Linux
added 2026/03/11 5:6 p.m., 25 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component CVE-2026-2758: Use-after-free in the JavaScript: GC component CVE-2026-2759:...

CVSS 8.8, AI score 5.8, EPSS 0.00604
Exploits: 0, References: 76