2033 matches found
CVE-2025-14120
The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to injec...
PT-2026-1410
Name of the Vulnerable Software and Affected Versions: URL Image Importer plugin for WordPress versions up to and including 1.0.7. Description: The URL Image Importer plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient sanitization of SVG files...
GHSA-M2Q5-XHQG-92R2 evershop allows unauthenticated attackers to exhaust application server's resources via "GET /images" API
A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
PT-2026-1330
Name of the Vulnerable Software and Affected Versions: evershop versions prior to 2.1.0. Description: A Denial of Service DoS issue exists in evershop that allows unauthenticated attackers to exhaust application server resources. This occurs through the use of the "GET /images" API endpoint. The...
CVE-2025-67419
A Denial of Service DoS vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the...
EverShop security vulnerability
EverShop is a NodeJS e-commerce platform open-sourced by EverShop. A security vulnerability exists in EverShop 2.1.0 and earlier versions, which stems from unlimited resource consumption when processing SVG files and could lead to a denial of service attack...
EUVD-2026-0754
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...
CVE-2026-21433
Summary: CVE-2026-21433 affects Emlog up to v2.5.19. The vulnerability is a server-side SSRF/OOB via uploaded SVG files. An attacker can upload a crafted SVG to /admin/media.php; when Emlog processes or renders the SVG (thumbnailing/preview/sanitization), the server issues an HTTP request to an a...
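The three upload-handling entries above (URL Image Importer stored XSS via SVG, evershop resource exhaustion via the use-element shadow tree and pattern tiles, Emlog SSRF via external references in SVG) share one root cause: an uploaded SVG is stored or rendered without checking what it contains or references. The check below is an added example written for this page, not code from any of those projects. It rejects an SVG that carries script elements or event-handler attributes, javascript: or non-fragment hrefs, url() references to anything but a local fragment, DOCTYPE or ENTITY declarations, a cyclic or too-deep chain of use elements, or an oversized pattern tile. The limits MAX_ELEMENTS, MAX_USE_DEPTH and MAX_PATTERN_DIM and all sample documents are assumptions constructed for illustration.

```python
"""Reject SVG uploads that carry script, external references or
reference recursion before they are stored or rasterized.

Added example for this page; the limits below are illustrative
assumptions, not values taken from any of the advisories."""
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
MAX_ELEMENTS = 5000          # assumed cap on total element count
MAX_USE_DEPTH = 8            # assumed cap on nested <use> shadow trees
MAX_PATTERN_DIM = 2048.0     # assumed cap on a pattern tile edge (user units)
FORBIDDEN_TAGS = {"script", "foreignObject"}   # script / embedded HTML
EXTERNAL_URL_RE = re.compile(r"url\(\s*['\"]?\s*(?!#)", re.I)   # url(...) not to #id


def _local(tag):
    """Tag or attribute name without its namespace prefix."""
    return tag.rsplit("}", 1)[-1]


def _hrefs(el):
    """All href / xlink:href values on an element."""
    for name in ("href", XLINK_HREF):
        value = el.get(name)
        if value is not None:
            yield value.strip()


def check_svg(data):
    """Return the list of reasons to reject this SVG (empty list = acceptable)."""
    # DOCTYPE/ENTITY is never needed in an uploaded graphic and is where XXE
    # and entity-expansion bombs live, so refuse it before parsing at all.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["doctype-or-entity"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return ["malformed-xml: %s" % exc]
    findings = []
    if _local(root.tag) != "svg":
        findings.append("root-not-svg")
    elements = list(root.iter())
    if len(elements) > MAX_ELEMENTS:
        findings.append("too-many-elements")

    ids = {}
    for el in elements:
        name = _local(el.tag)
        if name in FORBIDDEN_TAGS:
            findings.append("forbidden-element:" + name)
        if el.get("id"):
            ids[el.get("id")] = el
        for attr, value in el.attrib.items():
            if _local(attr).lower().startswith("on"):
                findings.append("event-handler:" + attr)         # stored XSS
            if EXTERNAL_URL_RE.search(value):
                findings.append("external-url:" + attr)          # SSRF / tracking
        for href in _hrefs(el):
            if href.lower().startswith("javascript:"):
                findings.append("javascript-href")                # stored XSS
            elif not href.startswith("#"):
                findings.append("external-href:" + href[:40])     # SSRF / tracking
        if name == "style" and el.text and (
                "@import" in el.text or EXTERNAL_URL_RE.search(el.text)):
            findings.append("external-style")
        if name == "pattern":
            for dim in ("width", "height"):
                try:
                    if float(el.get(dim, "0")) > MAX_PATTERN_DIM:
                        findings.append("pattern-%s-too-large" % dim)
                except ValueError:
                    pass   # percentages / units: left to the renderer's limits

    # A <use> clones the referenced subtree into a shadow tree; a <use> inside
    # that subtree nests another one, and a reference back to an ancestor is a
    # cycle. Walk the reference graph with an explicit ancestor set.
    memo = {}

    def use_depth(use_el, ancestors):
        if use_el in memo:
            return memo[use_el]
        target = None
        for href in _hrefs(use_el):
            if href.startswith("#"):
                target = ids.get(href[1:])
        if target is None:
            return 0                       # dangling reference: renders nothing
        if target in ancestors:
            raise RecursionError("use-cycle")
        depth = 1
        for inner in target.iter():        # includes target itself if it is a <use>
            if _local(inner.tag) == "use":
                depth = max(depth, 1 + use_depth(inner, ancestors | {target}))
        memo[use_el] = depth
        return depth

    for el in elements:
        if _local(el.tag) == "use":
            try:
                if use_depth(el, frozenset()) > MAX_USE_DEPTH:
                    findings.append("use-depth-exceeded")
                    break
            except RecursionError as exc:
                findings.append(str(exc))
                break
    return findings


def is_safe_svg(data):
    return not check_svg(data)


# Constructed sample uploads (not taken from any advisory).
SAFE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><defs><circle id="c" r="4"/></defs><use href="#c"/></svg>'
XSS_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><a href="javascript:alert(2)"><text>x</text></a></svg>'
SSRF_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<image xlink:href="http://attacker.invalid/probe.png" width="1" height="1"/></svg>')
CYCLE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><g id="a"><use href="#b"/></g>'
             b'<g id="b"><use href="#a"/></g><use href="#a"/></svg>')
DEEP_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><g id="g0"><rect width="1" height="1"/></g>'
            + b"".join(b'<g id="g%d"><use href="#g%d"/></g>' % (i, i - 1) for i in range(1, 11))
            + b'<use href="#g10"/></svg>')
PATTERN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><pattern id="p" width="100000" height="100000"/></svg>'

if __name__ == "__main__":
    for label, doc in [("safe", SAFE_SVG), ("xss", XSS_SVG), ("ssrf", SSRF_SVG),
                       ("cycle", CYCLE_SVG), ("deep", DEEP_SVG), ("pattern", PATTERN_SVG)]:
        print(label, check_svg(doc))
```

This is a reject-or-accept gate, not a sanitizer: an SVG that fails any check should be refused rather than rewritten, because a rewriter has to win against every parser quirk in every downstream consumer. It also does nothing about how the file is later served; an accepted SVG should still be delivered with a restrictive Content-Security-Policy or as a download (Content-Disposition: attachment) from an origin that carries no session cookies. Where the server rasterizes uploads with ImageMagick, as in the Emlog thumbnailing path, the coder policy in ImageMagick's policy.xml can additionally disable the MVG and SVG coders or cap memory, map and disk resources, which is the mitigation for the ImageMagick entries that follow.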
CVE-2025-68950
A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. ImageMagick fails to check for circular references between two Magick Vector Graphics MVG files. A remote attacker could exploit this by providing a specially crafted MVG file, leading...
CVE-2025-68618
A flaw was found in ImageMagick, free and open-source software used for editing and manipulating digital images. An attacker could exploit this vulnerability by providing a specially crafted malicious SVG Scalable Vector Graphics file. Processing this file would lead to a Denial of Service DoS...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail. An unauthenticated malicious party can exploit the vulnerability to perform a cross-site scripting attack. The malicious party can thus execute JavaScript code in a user's browser and take over a user's account, for example. To do this, th...
WordPress WP Enabled SVG plugin <= 0.2 - Author+ Stored XSS via SVG vulnerability
Author+ Stored XSS via SVG vulnerability discovered by Pierre Rudloff in WordPress Plugin WP Enabled SVG versions <= 0.2...
Uncontrolled Recursion
Overview: Magick.NET-Q16-HDRI-OpenMP-x64 is a build of Magick.NET, which lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
Uncontrolled Recursion
Overview: Magick.NET-Q8-arm64 is a build of Magick.NET, which lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the DrawPrimitive function in the draw.c file. An attacker can cause a stack overflow and application crash by providing MVG files containing circular references. Remediation: A fix was pushed into the master...
GHSA-7RVH-XQP3-PR8J ImageMagick's failure to limit MVG mutual causes Stack Overflow
Summary: Magick fails to check for circular references between two MVGs, leading to a stack overflow. Details: After reading mvg1 using Magick, the following is displayed: ./magick -limit memory 2GiB -limit map 2GiB -limit disk 0 mvg:L1.mvg out.png AddressSanitizer:DEADLYSIGNAL...
Uncontrolled Recursion
Overview: Magick.NET-Q16-arm64 is a build of Magick.NET, which lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
ImageMagick's failure to limit MVG mutual causes Stack Overflow
Summary: Magick fails to check for circular references between two MVGs, leading to a stack overflow. Details: After reading mvg1 using Magick, the following is displayed: ./magick -limit memory 2GiB -limit map 2GiB -limit disk 0 mvg:L1.mvg out.png AddressSanitizer:DEADLYSIGNAL...
GHSA-P27M-HP98-6637 ImageMagick's failure to limit the depth of SVG file reads caused a DoS attack
Summary: Using Magick to read a malicious SVG file resulted in a DoS attack. Details: backtrace obtained using gdb:
#4 0x0000555555794c9c in ResizeMagickMemory (memory=0x7fffee203800, size=391344) at MagickCore/memory.c:1443
#5 0x0000555555794e5a in ResizeQuantumMemory (memory=0x7fffee203800, count=48918,...