CVE-2026-21433

Summary: CVE-2026-21433 affects Emlog up to v2.5.19. The vulnerability is a server-side SSRF/OOB via uploaded SVG files. An attacker can upload a crafted SVG to /admin/media.php; when Emlog processes or renders the SVG (thumbnailing/preview/sanitization), the server issues an HTTP request to an a...

CVE-2023-53925

UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...

PT-2025-49267

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 31.0.12 Nextcloud Server Enterprise versions prior to 31.0.12 Nextcloud Server versions prior to 32.0.3 Nextcloud Server Enterprise versions prior to 32.0.3 Description Nextcloud Server and Server Enterprise...

Shimmie cross-site scripting vulnerability (CNVD-2018-06088)

Shimmie is a set of image panels for installing and configuring Web sites. A cross-site scripting vulnerability exists in Shimmie 2 version 2.6.0, which stems from the program failing to properly handle uploaded SVG files. A remote attacker can exploit the vulnerability by uploading a specially...