Lucene search
K

2080 matches found

Vulnrichment
Vulnrichment
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56379 ImageMagick - Command Injection via SVG Decoder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

9.2CVSS6.1AI score0.00895EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.8 views

EUVD-2026-38441

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

6.1AI score0.00895EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:13 p.m.34 views

CVE-2026-56379

CVE-2026-56379 affects ImageMagick before 7.1.2-15 and 6.9.13-40. The vulnerability is in the SVG decoder and allows an attacker to inject arbitrary MVG drawing commands that execute during rendering, enabling command execution via crafted SVG files. Public documents consistently describe the sam...

9.2CVSS6.1AI score0.00895EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51514

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-15 ImageMagick versions prior to 6.9.13-40 Description A command injection issue exists in the SVG decoder. This allows attackers to inject arbitrary Magick Vector Graphics MVG drawing commands by crafting...

9.2CVSS6AI score0.00895EPSS
Exploits0References21
Debian CVE
Debian CVE
added 2026/06/22 3:11 p.m.6 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

6.1CVSS5.8AI score0.00206EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in python-bleach

A mutation XSS affects users who call bleachclean with any of the following tags: svg or math within the allowed tags p or br. The tags are also allowed in styles, titles, noscript, script, textarea, noframes, iframe, or xmp. The keyword argument is stripcomments=False. Note that none of the abov...

6.1CVSS6.8AI score0.00483EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in WebKit2GTK

A use-after-free vulnerability exists in the SVG implementation in Blink, as used in Google Chrome before version 35.0.1916.114. This vulnerability allows remote attackers to cause a denial of service or potentially cause unspecified other impacts through vectors that trigger the removal of an...

7.5CVSS7.2AI score0.01667EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in imagemagick

A vulnerability was discovered in ImageMagick, where a specially created SVG file can load itself and cause a segmentation fault. This flaw allows a remote attacker to upload a specially crafted SVG file, leading to a segmentation fault and the creation of numerous trash files in "/tmp," resultin...

5.5CVSS6.5AI score0.00865EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in imagemagick

A vulnerability was discovered in ImageMagick. This security flaw manifests as undefined behaviors when using double to type as sizet in svg, mvg, and other code segments reoccurring bugs of CVE-2022-32546...

5.5CVSS6.5AI score0.01018EPSS
Exploits1References2
Friends Of PHP
Friends Of PHP
added 2026/06/19 7:21 a.m.7 views

symfony/ux-icons XSS via unsanitized SVG content in local files and Iconify on-demand responses

Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...

6AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/16 4:58 a.m.5 views

MGASA-2026-0213 Updated emacs packages fix security vulnerability

Memory corruption vulnerability when processing svg css. CVE-2026-6861...

7.1CVSS5.4AI score0.00108EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/16 2:14 a.m.12 views

Chromium: CVE-2026-11688 Object lifecycle issue in SVG

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.2AI score0.00256EPSS
Exploits0
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-50873

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

9.8CVSS0.00441EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49314

Name of the Vulnerable Software and Affected Versions flatnotes version 5.5.4 Description An arbitrary file upload issue exists in the attachment handling component. This allows attackers to execute arbitrary code by uploading a specially crafted HTML or SVG file. Recommendations At the moment,...

9.8CVSS6.2AI score0.00441EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 8:16 p.m.15 views

CVE-2026-46489

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into eve...

8.1CVSS0.0031EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 6:55 p.m.29 views

CVE-2026-46489

SolidInvoice (open-source invoicing platform) contains CVE-2026-46489: before version 2.3.17, the logo upload feature accepts any file type without validation, allowing an authenticated administrator to upload an SVG containing embedded JavaScript. The script is base64-encoded and injected unesca...

8.1CVSS5.1AI score0.0031EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48727

Name of the Vulnerable Software and Affected Versions SolidInvoice versions prior to 2.3.17 Description The company logo upload feature lacks validation for uploaded file types. An authenticated administrator can upload an SVG file containing base64-encoded JavaScript. This script is injected...

8.1CVSS4.9AI score0.0031EPSS
Exploits0References6
OSV
OSV
added 2026/06/10 11:16 p.m.3 views

UBUNTU-CVE-2026-48734

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-49 and 7.1.2-24, a crafted MVG file could result in a stack overflow due to a missing depth or visited-set check. This issue has been patched in versions 6.9.13-49 and 7.1.2-24...

5.5CVSS5.2AI score0.00107EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/10 11:12 p.m.7 views

Uncontrolled Recursion

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.8CVSS5.3AI score0.00107EPSS
Exploits0References2
Rows per page
Query Builder