CVE-2026-34605

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

CVE-2023-37298

Joplin before 2.11.5 allows XSS via a USE element in an SVG document...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry

The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior...

SUSE CVE-2009-1303

The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service application crash and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree...