2034 matches found
PT-2025-39325
Name of the Vulnerable Software and Affected Versions: Horilla versions prior to 1.4.0. Description: Horilla is a Human Resource Management System (HRMS). Improper sanitization within the application allows for Cross-Site Scripting (XSS) through uploaded SVG files and allowed tags. This can lead to the...
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...
GHSA-MM7X-QFJJ-5G2C Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...
DEBIAN-CVE-2025-59798
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c...
PT-2025-38690
Name of the Vulnerable Software and Affected Versions: Admin and Site Enhancements (ASE) WordPress plugin versions prior to 7.9.8. Description: The software does not properly sanitize SVG files when uploaded through the xmlrpc.php file, if SVG uploads are enabled. This could allow an attacker to uploa...
RUSTSEC-2025-0071 Incorrect handling of embedded SVG and MathML leads to mutation XSS after removal
Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...
CVE-2025-59417
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on the user's machine. In lobe-chat, when the response from the...
CVE-2025-59415
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...
GHSA-M79R-R765-5F9J Lobe Chat Desktop vulnerable to Remote Code Execution via XSS in Chat Messages
Summary: We identified a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on the user's machine. Any party capable of injecting content into chat messages, such as hosting a malicious page for prompt injection, operating ...
firefox: thunderbird: Integer overflow in the SVG component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Integer overflow in the SVG component...
ALSA-2025:16157 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10532 firefox:...
PT-2025-38279
Name of the Vulnerable Software and Affected Versions: Frappe Learning versions 2.34.1 and below Description: Frappe Learning does not adequately sanitize content uploaded in the profile bio. This allows for the execution of arbitrary scripts in the context of other users through malicious SVG...
SUSE CVE-2025-10533
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Security Vulnerabilities fixed in Firefox ESR 115.28 — Mozilla
CVE-2025-10533: Integer overflow in the SVG component Reporter Andrew Creskey Impact moderate References Bug 1980788...
KLA88014 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, bypass security restrictions, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in...
Mozilla -- integer overflow
[email protected] reports: Integer overflow in the SVG component...
CVE-2025-10253
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross-site scripting. The attack can be launched remotely. The exploit has been...