SiYuan Note - Cross-Site Scripting
SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...
CVE-2026-54352
Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...
EUVD-2026-36188
ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop
An incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash...
CVE-2026-54068
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...
CVE-2026-54068
SiYuan before 3.7.0: unauthenticated access to /api/icon/getDynamicIcon where type=8 with a valid block id runs Go templates that execute arbitrary SQL (RenderDynamicIconContentTemplate), enabling an attacker to exfiltrate extensive SQLite data (notes, tags, asset refs, block attributes). The roo...
EUVD-2026-38799
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...
CVE-2026-50703
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...
CVE-2026-50703 Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...
CVE-2026-50703
Summary: CVE-2026-50703 affects Frappe Framework 17.0.0-dev, with a stored XSS vulnerability in the Desk desktop icon renderer caused by improper neutralization of user-controlled input. This could allow an attacker to inject malicious content into the icon label, potentially affecting users who...
CVE-2026-56302
Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...
CVE-2026-56302 Capgo - Unsecured Supabase Images Bucket via Missing Row Level Security
Capgo before 12.128.2 contains an unsecured images bucket lacking any row level security controls, allowing unauthenticated attackers to read, insert, and delete stored app icons. Remote attackers can exploit this misconfiguration to delete all icons and leak sensitive app IDs and user IDs...
CVE-2026-56302
Capgo before 12.128.2 uses an unsecured Supabase images bucket with no row-level security, allowing unauthenticated read, insert, and delete operations on stored app icons. This misconfiguration enables attackers to delete all icons and leak sensitive app IDs and user IDs. The connected documents...
CVE-2026-4983
Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...
CVE-2026-4983
CVE-2026-4983 affects the Open VSX Registry where SVG icons uploaded as extensions are not sanitized before storage and are served as image/svg+xml without security headers. This enables stored cross-site scripting (XSS) when users navigate to the icon URL. The impact differs by deployment: on lo...
CVE-2026-56394
Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...
CVE-2026-56394 Craft CMS - Authenticated Path Traversal in assets/icon Extension Parameter
Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...
CVE-2026-56394
Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...
EUVD-2026-38160
Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass extension validation by passing traversal sequences that resolve to existing SVG files,...
CVE-2026-56394
Craft CMS 4.0.0-RC1 contains an authenticated path traversal in the assets/icon endpoint. The extension parameter is not validated before file-existence checks, allowing traversal sequences to resolve to existing SVG files and enabling local file read access. Root cause is improper validation of ...