CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built upon the Nokogiri framework. Loofah 2.19.1 contains a inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lea...

7.5CVSS6.6AI score0.00271EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file could lead to a DoS attack. Version 7.1.2-12 addresses this issue...

7.5CVSS5.4AI score0.00032EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в batik

A vulnerability in Batik of Apache XML Graphics allows an attacker to execute untrusted Java code from an SVG. This issue affects Apache XML Graphics versions prior to 1.16. It is recommended to update to version 1.16...

7.5CVSS7.2AI score0.00526EPSS

Vulnrichment•added 2026/05/19 6:14 p.m.•9 views

CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

ATTACKERKB•added 2026/05/19 6:14 p.m.•4 views

CVE-2026-33741

Exploits0References2Affected Software1

EUVD•added 2026/05/19 6:14 p.m.•9 views

EUVD-2026-30967

NVD•added 2026/05/19 4:16 p.m.•7 views

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

9.8CVSS0.00104EPSS

OSV•added 2026/05/19 1:34 a.m.•5 views

JLSEC-2026-511

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

6.5CVSS6.9AI score0.0133EPSS

Exploits0References14

EUVD•added 2026/05/19 12:0 a.m.•7 views

EUVD-2026-30944

6.2AI score0.00104EPSS

OPENSUSE Linux•added 2026/05/19 12:0 a.m.•5 views

Security update for emacs (moderate)

openSUSE security update: security update for emacs ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20759-1 Rating: moderate References: bsc1262007 bsc1262611 Cross-References: CVE-2026-6861 CVSS scores: CVE-2026-6861 SUSE : 6.1...

6.8CVSS5.8AI score0.00021EPSS

CNNVD•added 2026/05/19 12:0 a.m.•6 views

EspoCRM 跨站脚本漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM 9.3.3 and earlier contained a cross-site scripting vulnerability. This...

6.8CVSS5.7AI score0.00041EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•5 views

PT-2026-41993

CNNVD•added 2026/05/19 12:0 a.m.•4 views

Scalar 安全漏洞

Scalar is an interactive API documentation and testing tool developed by Scalar OpenSource. Version 0.1.13 of Scalar contains a security vulnerability. This vulnerability stems from an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint, which could...

9.8CVSS6.2AI score0.00104EPSS