CVE-2025-15549 FluentCMS 2026 Stored XSS via SVG Upload in File Management
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
EUVD-2025-206518
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
CVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...
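The entry above describes the classic sink for this bug class: a variable-length field from attacker-supplied DER is copied into a fixed-size buffer without checking its length. In CMS AuthEnvelopedData the AES-GCM IV travels as the aes-nonce OCTET STRING inside GCMParameters (RFC 5084). The following is an added example, not OpenSSL's code: a minimal DER reader for GCMParameters that bound-checks the nonce before any copy could happen, beside a mode that models the unchecked behaviour. The 16-byte IV buffer size and the sample encodings are assumptions constructed for the example; nothing here reproduces the OpenSSL crash input.

```python
# Added example (not OpenSSL code): parse GCMParameters ::= SEQUENCE { aes-nonce OCTET STRING,
# aes-ICVlen INTEGER DEFAULT 12 } (RFC 5084) and bound-check the nonce length before it would be
# copied into a fixed-size IV buffer. IV_BUF_SIZE = 16 (the AES block size) is an assumption for
# this model, not a statement about the real buffer in OpenSSL.

IV_BUF_SIZE = 16


def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER TLV (short or long-form length); used to build the test inputs below."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lenbytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lenbytes)]) + lenbytes + value


def der_read_tlv(buf: bytes, pos: int):
    """Decode one DER TLV at pos; returns (tag, value, next_pos). Raises ValueError on truncation."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("TLV length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_gcm_parameters(der: bytes, enforce_bound: bool = True):
    """Return (nonce, icvlen). With enforce_bound=False any nonce length is accepted, which
    models the flawed behaviour: a caller would then copy len(nonce) bytes into IV_BUF_SIZE."""
    tag, body, end = der_read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("GCMParameters must be exactly one SEQUENCE")
    tag, nonce, pos = der_read_tlv(body, 0)
    if tag != 0x04:
        raise ValueError("aes-nonce must be an OCTET STRING")
    # The check that matters: the length comes from the attacker, the buffer size does not.
    if enforce_bound and not 1 <= len(nonce) <= IV_BUF_SIZE:
        raise ValueError(f"aes-nonce length {len(nonce)} not in 1..{IV_BUF_SIZE}")
    icvlen = 12
    if pos < len(body):
        tag, val, pos = der_read_tlv(body, pos)
        if tag != 0x02 or not val:
            raise ValueError("aes-ICVlen must be a non-empty INTEGER")
        icvlen = int.from_bytes(val, "big", signed=True)
        if icvlen not in (12, 13, 14, 15, 16):
            raise ValueError(f"aes-ICVlen {icvlen} not allowed by RFC 5084")
    if pos != len(body):
        raise ValueError("trailing bytes inside GCMParameters")
    return nonce, icvlen


def iv_overflow_bytes(der: bytes) -> int:
    """Bytes an unchecked copy of the nonce would write past an IV_BUF_SIZE buffer (0 = none)."""
    nonce, _ = parse_gcm_parameters(der, enforce_bound=False)
    return max(0, len(nonce) - IV_BUF_SIZE)


def is_safe_gcm_params(der: bytes) -> bool:
    """True when the hardened parser accepts the encoding."""
    try:
        parse_gcm_parameters(der)
        return True
    except ValueError:
        return False


# Constructed inputs: a normal 12-byte nonce, and a 200-byte nonce (long-form DER length).
GOOD_PARAMS = der_tlv(0x30, der_tlv(0x04, bytes(range(12))))
OVERSIZED_PARAMS = der_tlv(0x30, der_tlv(0x04, b"\x41" * 200) + der_tlv(0x02, b"\x10"))
```

The point a practitioner should take from the model is where the check sits: it is applied to the decoded length before the nonce is handed to anything that writes into fixed storage, not after, and the accepted range is derived from the buffer rather than from the encoding.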
CVE-2025-7713
CVE-2025-7713 describes an XSS vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS), caused by improper neutralization of input during web page generation and exploitable via HTTP headers. The affected scope is stated as CMS through 21072025. Details on a...
CVE-2026-1466
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...
PT-2026-5331
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in the browser of any user accessing the...
FluentCMS cross-site scripting vulnerabilities
FluentCMS is an open-source content management system developed by FluentCMS. Version 2026 of FluentCMS has a cross-site scripting vulnerability. This vulnerability arises because authenticated administrators can upload SVG files embedded with JavaScript through the file management module,...
GHSA-96XM-FV9W-PF3F soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64
Impact Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions prior to and including 25.0.1. Contracts that pass user-controlled or computed range bounds to Bytes::slice, Vec::slice, or Prng::genrange may silently...
soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64
Impact Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions prior to and including 25.0.1. Contracts that pass user-controlled or computed range bounds to Bytes::slice, Vec::slice, or Prng::genrange may silently...
EUVD-2026-4848
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...
CVE-2026-24889 soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the Bytes::slice, Vec::slice, and Prng::genrange for u64 methods in the soroban-sdk in versions up to and including 25.0.1, 23.5.1, and 25.0.2. Contracts that pass user-controlled or computed range bounds to...
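The soroban-sdk entries above all come down to one arithmetic pattern: a range bound such as start + length is computed with wrapping semantics, so the subsequent bounds check compares against a wrapped value and passes. The following is an added example, not soroban-sdk code: it models u64 arithmetic in Python and shows a wrapping slice returning a silently wrong result beside a checked slice that fails loudly. The buffer contents and the slicer signatures are constructed for the example.

```python
# Added example, not soroban-sdk code: u64 range-bound arithmetic modelled in Python to show
# why a wrapping start + length lets the bounds check pass and the slice come back wrong.

U64_MAX = (1 << 64) - 1


def _check_u64(*values: int) -> None:
    """Reject inputs outside u64 so the model only exercises the overflow, not Python's bigints."""
    for v in values:
        if not 0 <= v <= U64_MAX:
            raise ValueError(f"{v} is not a u64")


def slice_wrapping(data: bytes, start: int, length: int) -> bytes:
    """Bound check on a wrapped end index: it passes even though the requested range is
    impossible, and the caller gets an empty (or shorter) slice instead of an error."""
    _check_u64(start, length)
    end = (start + length) & U64_MAX          # u64 wrapping add
    if end > len(data):                       # the only check, and it sees the wrapped value
        raise IndexError("range out of bounds")
    return data[start:end]                    # silently empty when end < start


def slice_checked(data: bytes, start: int, length: int) -> bytes:
    """Checked add first, then the bound check, so an overflowing request cannot look valid."""
    _check_u64(start, length)
    end = start + length
    if end > U64_MAX:
        raise OverflowError("start + length overflows u64")
    if end > len(data):
        raise IndexError("range out of bounds")
    return data[start:end]


def outcome(fn, data: bytes, start: int, length: int) -> str:
    """'ok:<hex of result>' or the exception type name, for comparing the two slicers."""
    try:
        return "ok:" + fn(data, start, length).hex()
    except (IndexError, OverflowError) as e:
        return type(e).__name__


DATA = bytes(range(16))   # constructed 16-byte buffer
```

With start = 8 and length = U64_MAX - 4 the wrapping version computes end = 3, passes the bound check and returns nothing, which is exactly the "silently" in the advisory text; the checked version raises before any range is formed. The same discipline applies to a random-range width computed as hi - lo + 1, which wraps to 0 when lo = 0 and hi = U64_MAX.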
Cross-site Scripting (XSS)
Overview: nocodb (NocoDB). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via SVG upload. An attacker can execute arbitrary JavaScript in the browsers of other users by uploading a crafted SVG file containing embedded scripts, which are rendered inline when...
NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload
Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...
EUVD-2026-4868
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline...
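The FluentCMS and NocoDB entries above are the same bug in different products: an SVG is an XML document that can carry script, event-handler attributes and javascript: links, and it executes them when served inline as image/svg+xml. The Jirafeau entry shows the usual allowlist shape (inline preview only for image/* types, with SVG carved out). The following is an added example, not code from any of those projects: a scanner that flags active content in an SVG, and a header policy that serves uploads inline only when that is safe. The element and attribute lists, the CSP string and the sample SVGs are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Elements that run script or pull in foreign content when the SVG is opened as a document
# (navigated to, or embedded via <iframe>/<object>) rather than shown through <img>.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "use"}
SCRIPT_SCHEMES = ("javascript:", "data:", "vbscript:")


def _local(name: str) -> str:
    """'{http://www.w3.org/2000/svg}script' -> 'script'; xlink-namespaced attributes strip the same way."""
    return name.rsplit("}", 1)[-1]


def svg_active_content(data: bytes) -> list[str]:
    """Findings that make an SVG unsafe to render inline; an empty list means none were found.
    Malformed XML is reported as a finding too, since a browser may still try to render it."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as e:
        return [f"not well-formed XML: {e}"]
    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler {aname} on <{name}>")
            elif aname == "href" and value.strip().lower().startswith(SCRIPT_SCHEMES):
                findings.append(f"{aname} with {value.split(':', 1)[0]}: scheme on <{name}>")
    return findings


def serve_headers(mime: str, data: bytes) -> dict[str, str]:
    """Headers for returning a stored upload. Inline preview for image/* that is not SVG;
    SVG inline only when it carries no active content, and then under a CSP that blocks
    script regardless; everything else is forced to a download."""
    base = {"X-Content-Type-Options": "nosniff"}
    if mime.startswith("image/") and mime != "image/svg+xml":
        return {**base, "Content-Type": mime, "Content-Disposition": "inline"}
    if mime == "image/svg+xml" and not svg_active_content(data):
        return {**base, "Content-Type": mime, "Content-Disposition": "inline",
                "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox"}
    return {**base, "Content-Type": "application/octet-stream", "Content-Disposition": "attachment"}


# Constructed samples (not from any advisory): one SVG with three kinds of active content, one clean.
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
                 b'<script>alert(2)</script>'
                 b'<a xlink:href="javascript:alert(3)"><text x="4" y="12">x</text></a></svg>')
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16"><circle cx="8" cy="8" r="6" fill="#c00"/></svg>'
```

Two caveats. The mime argument is whatever the server recorded at upload time, so the allowlist only helps if that value was derived from the file content rather than copied from the client's Content-Type header. And the scanner is a gate, not a sanitizer: an SVG that fails it should be stored and served as an attachment, and even one that passes is served under a CSP, because a denylist of active constructs will not be complete.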
Exploit for CVE-2025-15467
CVE-2025-15467 Stack buffer overflow in OpenSSL CMS AuthEnvel...