2094 matches found
CVE-2026-49102
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2026-49102
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2026-49102
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2026-49102
Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...
CVE-2026-48973 WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...
CVE-2026-48973 WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...
CVE-2026-48973
The CVE-2026-48973 entry applies to the WordPress plugin SVG Support (versions up to 2.5.14). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels, affecting SVG Support. The CVSS 3.1 base score is ...
WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions = 2.5.14...
CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint
Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...
SUSE CVE-2026-48848
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...
PT-2026-44563
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the Scalable Vector Graphics SVG component, which is an XML-based format for describing two-dimensional graphics. This flaw allows a remote attacker to...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability, which stemmed from issues with reusing SVG elements after its release. This vulnerability could allow remote attackers to execute arbitrary code...
PT-2026-44030
Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...
CVE-2026-48848
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...
CVE-2026-48848
CVE-2026-48848 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Root cause is insufficient HTML sanitization that enables CSS injection via an SVG document containing an animate element with the attributeName attribute, potentially impacting confidentiality/integrity (per...
Roundcube Webmail 跨站脚本漏洞
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7, which stems from...
PT-2026-43111
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x prior to 1.7 Description Insufficient HTML sanitization allows for Cascading Style Sheets CSS injection. This occurs when an SVG document contains an animate...
CVE-2026-39970 TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...
CVE-2026-39970 TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...
EUVD-2026-31478
TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...