2054 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-23514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah 2.19.1 contains an inefficient...

CVSS 7.5 · AI score 6.7 · EPSS 0.01686
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-23517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use an inefficient...

CVSS 7.5 · AI score 6.6 · EPSS 0.01454
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-6077

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Displacement map filters being applied to cross-origin images in Blink SVG rendering in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak...

CVSS 6.5 · AI score 7.4 · EPSS 0.01523
Exploits: 0 · References: 2

NVD
added 2025/08/19 4:15 p.m. · 4 views

CVE-2025-9145

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.4 · EPSS 0.00256
Exploits: 1 · References: 5

Cvelist
added 2025/08/19 3:32 p.m. · 11 views

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.1 · EPSS 0.00256
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/19 3:32 p.m. · 3 views

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVSS 5.1 · AI score 6.5 · EPSS 0.00256
Exploits: 1 · References: 5

CVE
added 2025/08/19 3:32 p.m. · 14 views

CVE-2025-9145

Scada-LTS 2.7.8.1 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically via manipulation of the backgroundImageMP argument in view_edit.shtm. The issue can be triggered remotely and, per multiple sources, the exploit has been publicly disclosed. Current connect...

CVSS 5.4 · AI score 3.9 · EPSS 0.00256
Exploits: 1 · References: 5 · Affected Software: 1

Github Security Blog
added 2025/08/19 3:31 p.m. · 8 views

MoonShine Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVSS 5.4 · AI score 8 · EPSS 0.0032
Exploits: 2 · References: 4 · Affected Software: 1

OSV
added 2025/08/19 3:31 p.m. · 6 views

GHSA-8XFQ-7F6M-MPMF MoonShine Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVSS 4.5 · AI score 8 · EPSS 0.0032
Exploits: 2 · References: 4

NVD
added 2025/08/19 3:15 p.m. · 6 views

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVSS 5.4 · EPSS 0.0032
Exploits: 2 · References: 2

Cvelist
added 2025/08/19 12:0 a.m. · 9 views

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

EPSS 0.0032
Exploits: 2 · References: 2

Vulnrichment
added 2025/08/19 12:0 a.m. · 4 views

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

AI score 5.4 · EPSS 0.0032
Exploits: 2 · References: 2

Positive Technologies
added 2025/08/19 12:0 a.m. · 6 views

PT-2025-33740 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.4 Description: An arbitrary file upload vulnerability exists in MoonShine version 3.12.4. Attackers can execute arbitrary code by uploading a crafted SVG file. Recommendations: At the moment, there is no information abo...

CVSS 5.4 · AI score 7.8 · EPSS 0.0032
Exploits: 2 · References: 7

Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-6816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVSS 6.1 · AI score 7.3 · EPSS 0.01301
Exploits: 1 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-5631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...

CVSS 6.1 · AI score 6 · EPSS 0.70879
Exploits: 2 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-6245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Anti-Grain Geometry AGG 2.4 as used in SVG++ aka svgpp 1.2.3. In the function agg::cellaa::notequal, dx is assigned to x2 - x1. If dx...

CVSS 8.8 · AI score 7.8 · EPSS 0.01953
Exploits: 1 · References: 3

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-33103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted...

CVSS 6.1 · AI score 6.2 · EPSS 0.00467
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-15574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. CVE-2017-15574 Note that Nessus relies on the...

CVSS 6.1 · AI score 6.6 · EPSS 0.01135
Exploits: 0 · References: 2

Schneier on Security
added 2025/08/15 11:7 a.m. · 6 views

Trojans Embedded in .svg Files

Porn sites are hiding code in .svg files: Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of "JSFuck," a technique that uses only a handful of character types to encode JavaScript into a camouflaged wall of text. Once...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2025/08/15 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-26956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 8...

CVSS 6.1 · AI score 7.5 · EPSS 0.01212
Exploits: 0 · References: 2