Lucene search
K

2094 matches found

Cvelist
Cvelist
added 2026/05/27 2:31 p.m.45 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 2:31 p.m.8 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:31 p.m.13 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 2:31 p.m.26 views

CVE-2026-49102

Webmin versions prior to 2.640 are affected by CVE-2026-49102. The issue is an XSS in the mailboxes/detach.cgi component triggered by viewing an SVG document attachment, caused by using image/svg+xml instead of a safe type (e.g., text/plain). Impact is potential cross-site scripting within the ma...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 2:28 p.m.9 views

CVE-2026-48973 WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...

4.3CVSS5.8AI score0.002EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:28 p.m.44 views

CVE-2026-48973 WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability

Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14...

4.3CVSS0.002EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 2:28 p.m.37 views

CVE-2026-48973

The CVE-2026-48973 entry applies to the WordPress plugin SVG Support (versions up to 2.5.14). The vulnerability is described as a Missing Authorization / Broken Access Control issue caused by incorrectly configured access control security levels, affecting SVG Support. The CVSS 3.1 base score is ...

4.3CVSS5.8AI score0.002EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/27 2:27 p.m.25 views

WordPress SVG Support plugin <= 2.5.14 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Steven Julian in WordPress Plugin SVG Support versions = 2.5.14...

4.3CVSS5.8AI score0.002EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 2:26 p.m.39 views

CVE-2026-47119 Agent Zero < 1.15 Stored XSS via image_get API Endpoint

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the imageget API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Dispositio...

6.1CVSS5.9AI score0.00236EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.13 views

SUSE CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.16 views

PT-2026-44563

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue exists in the Scalable Vector Graphics SVG component, which is an XML-based format for describing two-dimensional graphics. This flaw allows a remote attacker to...

9.6CVSS6.3AI score0.00368EPSS
Exploits0References157
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability, which stemmed from issues with reusing SVG elements after its release. This vulnerability could allow remote attackers to execute arbitrary code...

8.8CVSS6.2AI score0.00252EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44030

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.8AI score0.00155EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/25 8:16 p.m.10 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References6
CVE
CVE
added 2026/05/25 7:27 p.m.46 views

CVE-2026-48848

CVE-2026-48848 affects Roundcube Webmail 1.6.x (before 1.6.16) and 1.7.x (before 1.7.1). Root cause is insufficient HTML sanitization that enables CSS injection via an SVG document containing an animate element with the attributeName attribute, potentially impacting confidentiality/integrity (per...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7, which stems from...

7.2CVSS5.6AI score0.00388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.16 views

PT-2026-43111

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x prior to 1.7 Description Insufficient HTML sanitization allows for Cascading Style Sheets CSS injection. This occurs when an SVG document contains an animate...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/05/22 5:55 p.m.14 views

CVE-2026-39970 TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 5:55 p.m.9 views

CVE-2026-39970 TypeBot: Stored Cross-Site Scripting (XSS) via SVG File Upload On Profile Picture Form

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS6AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 5:55 p.m.13 views

EUVD-2026-31478

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS6AI score0.00276EPSS
Exploits0References2
Rows per page
Query Builder