openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20586-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20586-1 advisory. Changes in roundcubemail: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some...

Fedora 42 : roundcubemail (2026-051825ca18)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-051825ca18 advisory. Version 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the...

Linux Distros Unpatched Vulnerability : CVE-2026-35545

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message...

CVE-2026-34974 phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes...

GO-2026-4721 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) in github.com/siyuan-note/siyuan

SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon incomplete fix for CVE-2026-29183 in github.com/siyuan-note/siyuan...

CVE-2026-33172 Statamic has Stored XSS via SVG Sanitization Bypass

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset upload permissions to bypass SVG sanitization and inject malicious JavaScript that executes when the...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0071-1 Rating: important References: 1255306 1255308 1257909 1258052 Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079 CVSS scores: CVE-2026-26079 SUSE: 5.3...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0070-1 Rating: important References: 1255306 1255308 1257909 1258052 Cross-References: CVE-2025-68460 CVE-2025-68461 CVE-2026-25916 CVE-2026-26079 CVSS scores: CVE-2026-26079 SUSE: 5.3...

FreeBSD : Roundcube -- Multiple vulnerabilities (f301a241-04d3-11f1-a38c-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f301a241-04d3-11f1-a38c-8447094a420f advisory. The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass vi...

CVE-2025-12846

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...

CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...

CVE-2025-12846 Blocksy Companion <= 2.1.19 - Authenticated (Author+) Arbitrary File Upload via SVG Upload Bypass

The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double extension files to bypass sanitization while being accepted as a vali...

Vite allows server.fs.deny to be bypassed with .svg or relative paths

Summary The contents of arbitrary files can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Details .svg Requests ending with .svg are loaded at this line...

CVE-2022-21650 Stored XSS via html file upload in convos

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

Mandriva Linux Security Advisory : mediawiki (MDVSA-2015:200)

Updated mediawiki packages fix security vulnerabilities : In MediaWiki before 1.23.9, one could circumvent the SVG MIME blacklist for embedded resources. This allowed an attacker to embed JavaScript in the SVG CVE-2015-2931. In MediaWiki before 1.23.9, the SVG filter to prevent injecting JavaScri...

Mozilla Firefox < 36.0.4 SVG Bypass Privilege Escalation

Binary data 8685.prm...

Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation (Mac OS X)

The version of Mozilla Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit...

Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)

The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to...

Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation

The version of Mozilla Firefox ESR 31.x installed on the remote Windows host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit th...