
2034 matches found

NVD
added 2025/10/08 12:15 a.m., 4 views

CVE-2025-61999

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in the context of other users when they view affected pages. Successful exploitation allows the administrative user to perfo...

CVSS 4.8, EPSS 0.00027
Exploits 0, References 3

Positive Technologies
added 2025/10/08 12:0 a.m., 2 views

PT-2025-41264

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.18 through 7.4.3.111; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay Portal version 7.4 update 18 through update 92. Description: A stored cross-site scripti...

CVSS 4.8, AI score 5.7, EPSS 0.00031
Exploits 0, References 5

Microsoft CVE
added 2025/10/07 8:1 a.m., 2 views

Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG

...

CVSS 9.4, AI score 7, EPSS 0.00024
Exploits 0

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-16761

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.0852
Exploits 1, References 17

Positive Technologies
added 2025/10/07 12:0 a.m., 2 views

PT-2025-41201

Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXpress versions prior to 11.13.3.0. Description: An administrative user can upload JavaScript or other content embedded within an SVG image used as a logo. This injected content is executed when other users view affected pages...

CVSS 4.8, AI score 6.6, EPSS 0.00027
Exploits 0, References 7

Vulnrichment
added 2025/10/06 9:54 p.m., 2 views

CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1, AI score 6.2, EPSS 0.00085
Exploits 0, References 3

EUVD
added 2025/10/06 9:54 p.m., 3 views

EUVD-2025-32593

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

CVSS 5.1, AI score 6.1, EPSS 0.00085
Exploits 0, References 3

NVD
added 2025/10/06 5:16 p.m., 4 views

CVE-2025-61769

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload...

CVSS 6.1, EPSS 0.00035
Exploits 1, References 2

Cvelist
added 2025/10/06 4:9 p.m., 7 views

CVE-2025-61769 Emlog vulnerable to stored XSS in file upload functionality in emlog

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload...

CVSS 5.3, EPSS 0.00035
Exploits 1, References 2

CVE
added 2025/10/06 4:9 p.m., 10 views

CVE-2025-61769

CVE-2025-61769 concerns Emlog, an open source PHP/MySQL CMS. The issue is a cross-site scripting (XSS) vulnerability present in Emlog up to and including version 2.5.22, exploitable via the file upload function where an authenticated user can upload an SVG containing JavaScript that is later exec...

CVSS 6.1, AI score 5.4, EPSS 0.00035
Exploits 1, References 2, Affected Software 1

OSV
added 2025/10/06 4:9 p.m., 1 view

CVE-2025-61769 Emlog vulnerable to stored XSS in file upload functionality in emlog

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload...

CVSS 5.3, AI score 5.9, EPSS 0.00035
Exploits 1, References 4

RedHat Linux
added 2025/10/06 11:54 a.m., 4 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6

RedHat Linux
added 2025/10/06 10:7 a.m., 4 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6

RedHat Linux
added 2025/10/06 9:37 a.m., 5 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6

RedHat Linux
added 2025/10/06 9:8 a.m., 4 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6

RedHat Linux
added 2025/10/06 9:7 a.m., 3 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6

RedHat Linux
added 2025/10/06 9:7 a.m., 4 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

CVSS 8.8, AI score 6.9, EPSS 0.00136
Exploits 0, References 8

CVE
added 2025/10/06 6:0 a.m., 14 views

CVE-2025-9703

CVE-2025-9703 describes a Cross-Site Scripting vulnerability in The Ultimate Addons for Elementor (Lite and related) WordPress plugin prior to version 2.5.0. The issue arises because SVG file contents uploaded via the xmlrpc.php endpoint using base64 encoding are not sanitized, allowing injection...

CVSS 4.3, AI score 5.8, EPSS 0.00027
Exploits 0, References 1

RedHat Linux
added 2025/10/06 1:37 a.m., 5 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6

RedHat Linux
added 2025/10/06 1:36 a.m., 5 views

firefox: thunderbird: Integer overflow in the SVG component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...

CVSS 8.8, AI score 7.4, EPSS 0.00136
Exploits 0, References 6