SUSE CVE-2026-11180
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11182
CVE-2026-11182 involves an inappropriate SVG implementation in Google Chrome before 149.0.7827.53 that could allow a remote attacker to leak cross-origin data via a crafted HTML page. The underlying issue is in the SVG handling within Chromium-based builds, leading to cross-origin data e...
CVE-2026-11166
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...
UBUNTU-CVE-2026-25989
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypassing the guard and reaching an undefined size_t cast...
OESA-2026-1034 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the SVGStartElement and ResizeQuantumMemory functions. An attacker can cause application crashes or resource exhaustion by submitting SVG files that trigger excessive memory allocation. PoC: 1. Generate an SVG...
CVE-2025-66520
CVE-2025-66520 affects the Foxit PDF Editor cloud (pdfonline.foxit.com) in its Portfolio feature. The vulnerability is a stored XSS caused by user-supplied SVG files not being properly sanitized or validated before insertion into the HTML structure, enabling embedded HTML/JavaScript to execute wh...
CVE-2025-68461
Roundcube Webmail contains a Cross-Site Scripting (XSS) vulnerability in its SVG handling. The application fails to properly sanitize the tag within SVG documents, allowing attackers to inject malicious scripts, potentially enabling session hijacking, credential theft, or unauthorized actions on...
FileRise cross-site scripting vulnerability
FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.2.3, which stems from improper handling of SVG files and could lead to stored cross-site scripting...
Skuul school management system code injection vulnerability
Skuul school management system is a school management system by the individual developer Marvellous Ifezue. A code injection vulnerability exists in Skuul School Management System version 2.6.5 and earlier, which stems from improper handling of SVG files in the file /dashboard/schools/1/edit, whi...
Exploit for CVE-2025-61183
CVE-2025-61183 Stored XSS in User Avatar Upload via Unsafe S...
EUVD-2011-3000
Malware in sbrugna...
EUVD-2010-3113
Malware in sbrugna...
Mobile Security Framework (MobSF) cross-site scripting vulnerability
Mobile Security Framework (MobSF) is an open source, automated, all-in-one mobile application framework used for penetration testing, malware analysis and security assessments; it is capable of performing both static and dynamic analysis. A cross-site scripting vulnerability exists ...
CVE-2025-25190
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25190 [XBOW-025-033] Cross-Site Scripting (XSS) via EchoProcess Service in ZOO-Project WPS Server
The ZOO-Project is an open source processing platform. The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service prior to commit 7a5ae1a. The vulnerability exists because the EchoProcess service directly reflects user input in i...
CVE-2025-25190
CVE-2025-25190 affects the ZOO-Project Web Processing Service (WPS) EchoProcess, where user input is echoed without proper sanitization. The vulnerability arises when handling complex inputs (XML, JSON, SVG); processing SVG content returned with image/svg+xml can expose arbitrary JavaScript via a...
TCPDF security vulnerability
TCPDF is an open source library from Tecnick. It is used to generate PDF documents and barcodes. A security vulnerability exists in versions of TCPDF prior to 6.8.0 that stems from setSVGStyles not cleaning up SVG font family properties...
CVE-2024-52597
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One o...
MGASA-2023-0332 Updated roundcubemail packages fix XSS security vulnerabilities
Updated roundcubemail package fixes security vulnerabilities: Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download (CVE-2023-47272). Fix cross-site scripting (XSS) vulnerability in handling of SVG in HTML messages (CVE-2023-5631). Some...