
22 matches found

EUVD
added 2026/06/08 10:54 a.m. | 11 views

EUVD-2026-35044

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

5.4 CVSS | 5.2 AI score | 0.00138 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-23899

Malware in sbrugna...

5.4 CVSS | 5.5 AI score | 0.00551 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 11 views

EUVD-2022-33257

Malicious code in bioql PyPI...

9.3 CVSS | 7.6 AI score | 0.02679 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2021-30974

Malicious code in bioql PyPI...

5.4 CVSS | 5.4 AI score | 0.00772 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/06/09 12:0 a.m. | 3 views

CVE-2025-45055

Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...

5.9 AI score | 0.00267 EPSS
Exploits: 1 | References: 2
Cvelist
added 2025/06/09 12:0 a.m. | 9 views

CVE-2025-45055

Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attacker...

0.00267 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/23 1:19 a.m. | 11 views

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user such as subscriber creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file...

5.4 CVSS | 5.9 AI score | 0.00468 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 8:7 p.m. | 7 views

CVE-2021-37794

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the...

5.4 CVSS | 4.9 AI score | 0.00779 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2025/04/17 12:8 p.m. | 530 views

Exploit for Code Injection in Webkul Krayin_Crm

CVE-2025-3568 Privilege Escalation via Malicious SVG File...

5.4 CVSS | 4.1 AI score | 0.00326 EPSS
Exploits: 2
Tenable Nessus
added 2024/10/21 12:0 a.m. | 16 views

Adobe Character Animator 4.0.0 < 4.4.7 / 22.0 < 22.4 Arbitrary code execution (APSB22-21) (macOS)

The version of Adobe Character Animator installed on the remote macOS host is prior to 22.4, 4.4.7. It is, therefore, affected by a vulnerability as referenced in the APSB22-21 advisory. - Adobe Character Animator versions 4.4.2 and earlier and 22.3 and earlier are affected by an out-of-bounds...

9.3 CVSS | 8.1 AI score | 0.02679 EPSS
Exploits: 0 | References: 2
Veracode
added 2023/08/24 5:40 a.m. | 31 views

Server-Side Request Forgery (SSRF)

Apache XML Graphics Batik is vulnerable to Server-Side Request Forgery (SSRF). An attacker is able to trick the application into loading a malicious SVG file, which could then be used to cause excess resource consumption or make unauthorized requests to other systems...

7.1 CVSS | 6.9 AI score | 0.00786 EPSS
Exploits: 0 | References: 10 | Affected Software: 3
Huntr
added 2023/08/18 12:19 p.m. | 11 views

Stored XSS

Description Due to insufficient validation of uploaded files - bad actors can upload malicious SVG file with XSS payload. That leads to Stored XSS. Because accessToken cookie has valid HttpOnly flag, can not take victims cookie there in this way, but please keep in mind that XSS in general is abo...

6.1 AI score
Exploits: 0 | References: 3
Veracode
added 2022/12/27 4:0 a.m. | 18 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to cross-site scripting. The vulnerability exists in the NewServer function of server.go because of an image direct link due to improper user-input sanitization by uploading a malicious svg file...

5.4 CVSS | 5.2 AI score | 0.00601 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2022/05/12 7:15 p.m. | 11 views

Cross site scripting

Adobe Character Animator versions 4.4.2 and earlier and 22.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicio...

9.3 CVSS | 7.8 AI score | 0.02679 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2022/05/12 6:55 p.m. | 98 views

CVE-2022-28819

CVE-2022-28819 affects Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and earlier). The issue is an out-of-bounds write vulnerability that could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicio...

9.3 CVSS | 7.8 AI score | 0.02679 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2021/12/20 9:15 p.m. | 18 views

Design/Logic Flaw

Adobe Dimension versions 3.4.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...

4.3 CVSS | 3.6 AI score | 0.0174 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2021/09/27 4:15 p.m. | 18 views

CVE-2021-39823

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is...

7.8 CVSS | 0.04115 EPSS
Exploits: 0 | References: 1
NVD
added 2020/12/30 4:15 p.m. | 18 views

CVE-2020-5810

A stored XSS vulnerability exists in Umbraco CMS = 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which acts as a stored XSS payload...

5.4 CVSS | 5.2 AI score | 0.662 EPSS
Exploits: 1 | References: 1
Veracode
added 2020/11/05 3:18 a.m. | 28 views

Denial Of Service (DoS)

librsvg is vulnerable to denial of service. An attacker is able to cause a resource exhaustion via a malicious SVG file containing nested patterns...

6.5 CVSS | 4.4 AI score | 0.02125 EPSS
Exploits: 0 | References: 12 | Affected Software: 1
Packet Storm
added 2019/02/26 12:0 a.m. | 54 views

SVG nanosvg Library Memory Corruption / Denial Of Service

The SVG library nanosvg 0 suffers from a memory corruption bug that can lead to at least DoS. The bug exists in the nsvgparseColorRGB function, which can be reached by parsing a malicious SVG file through nsvgParseFromFile or nsvgParse. This should also affect libraries/packages that provide...

0.6 AI score
Exploits: 0