2034 matches found
Important: Red Hat Security Advisory: qt6-qtsvg security update
An update for qt6-qtsvg is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
EUVD-2025-60966
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
CVE-2025-12880 Progress Bar Blocks for Gutenberg <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
The Progress Bar Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-leve...
PT-2025-46324
Name of the Vulnerable Software and Affected Versions: Blocksy Companion plugin for WordPress versions up to and including 2.1.19. Description: The Blocksy Companion plugin for WordPress is susceptible to authenticated arbitrary file upload due to insufficient file type validation. Specifically, the...
PT-2025-46298
Name of the Vulnerable Software and Affected Versions: Progress Bar Blocks for Gutenberg plugin for WordPress versions prior to 1.0.1. Description: The Progress Bar Blocks for Gutenberg plugin for WordPress is susceptible to Stored Cross-Site Scripting through SVG File uploads. Insufficient input...
RLSA-2025:19772 Important: qt6-qtsvg security update
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729). For more details...
[SECURITY] Fedora 42 Update: qt5-qtsvg-5.15.18-1.fc42
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
CVE-2025-63307
The CVE-2025-63307 issue affects alexusmai/laravel-file-manager v3.3.1. It describes a Cross-Site Scripting (XSS) vulnerability where user-controlled uploads/renames of HTML and SVG files are served inline without adequate content-type validation or output sanitization, enabling stored XSS. Sever...
CVE-2025-63307
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross-Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...
qtsvg: Use-after-free vulnerability in Qt SVG
A use-after-free flaw has been discovered in the Qt SVG library. The qsvghandler.cpp module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later, leading to a use-after-free...
ALSA-2025:19772 Important: qt6-qtsvg security update
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729). For more details...
CVE-2025-10348
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...
EUVD-2025-37048
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...
CVE-2025-60950
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...
[SECURITY] Fedora 42 Update: qt6-qtsvg-6.9.3-1.fc42
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
CVE-2025-60950
The CVE-2025-60950 entry refers to an arbitrary file upload vulnerability in AIxBlock’s Data Preparation function, tied to commit f60975. The issue allows an attacker to upload a crafted SVG file that could lead to arbitrary code execution. Affected component: Data Preparation function of AIxBloc...