8202 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 4 : microcode_ctl-1.17-33.31.AXS4 (AXSA:2020-893:07)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-893:07 advisory. hw: Vector Register Leakage-Active (CVE-2020-8696); hw: Fast forward store predictor (CVE-2020-8698). Tenable has extracted the preceding description block...

CVSS 5.5 | AI score 7.6 | EPSS 0.0051
Exploits 0 | References 3

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2022-3591:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3591:01 advisory. mod_auth_openidc: open redirect in oidc_validate_redirect_url (CVE-2021-32786); mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM...

CVSS 6.1 | AI score 5.6 | EPSS 0.02364
Exploits 2 | References 5

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : microcode_ctl-20200609-2.20201027.1.el8 (AXSA:2021-1384:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1384:02 advisory. hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695); hw: Vector Register Leakage-Active (CVE-2020-8696); hw: Fast forward sto...

CVSS 5.5 | AI score 7 | EPSS 0.0051
Exploits 0 | References 4

NVD
added 2026/01/19 8:15 p.m., 4 views

CVE-2026-23847

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the S...

CVSS 6.1 | EPSS 0.00263
Exploits 1 | References 3

ATTACKERKB
added 2026/01/19 7:46 p.m., 2 views

CVE-2026-23847

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the S...

CVSS 6.1 | AI score 5 | EPSS 0.00263
Exploits 1 | References 4 | Affected Software 1

OSV
added 2026/01/19 7:46 p.m., 3 views

CVE-2026-23847 SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the S...

CVSS 5.3 | AI score 5.1 | EPSS 0.00263
Exploits 1 | References 5

GithubExploit
added 2026/01/19 7:16 p.m., 198 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2026-20805-PoC The PoC of information disclosure in Micros...

CVSS 5.5 | AI score 6.1 | EPSS 0.05028
Exploits 5

Positive Technologies
added 2026/01/19 12:0 a.m., 3 views

PT-2026-3492

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.4. Description: SiYuan is a personal knowledge management system susceptible to reflected cross-site scripting. The issue occurs in the /api/icon/getDynamicIcon API endpoint. The endpoint generates SVG images for tex...

CVSS 6.1 | AI score 4.3 | EPSS 0.00263
Exploits 1 | References 12

CVE
added 2026/01/18 4:32 p.m., 12 views

CVE-2026-1126

The CVE-2026-1126 entry concerns the SVG File Handler’s uploadFile functionality in FormResource.java (flow-front-rest) used by lwj flow. The documented root cause is argument File manipulation leading to unrestricted file upload, with exploitation possible remotely and publicly disclosed. Affect...

CVSS 6.5 | AI score 6.5 | EPSS 0.00224
Exploits 0 | References 5

Cvelist
added 2026/01/18 4:32 p.m., 24 views

CVE-2026-1126 lwj flow SVG File FormResource.java uploadFile unrestricted upload

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulatio...

CVSS 6.5 | EPSS 0.00224
Exploits 0 | References 5

GithubExploit
added 2026/01/18 11:38 a.m., 209 views

Exploit for CVE-2026-22610

Angular SVG Vulnerability Scanner CVE-2026-22610 Purpose...

CVSS 8.5 | AI score 6.4 | EPSS 0.00444
Exploits 1

Positive Technologies
added 2026/01/18 12:0 a.m., 5 views

PT-2026-3399

A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the component SVG File Handler. The manipulation of the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00224
Exploits 0 | References 5

Packet Storm News
added 2026/01/18 12:0 a.m., 3 views

Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

Individuals experiencing interpersonal violence (IPV), who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech...

AI score 5.4
Exploits 0

CVE
added 2026/01/17 7:27 a.m., 18 views

CVE-2025-14478

CVE-2025-14478 (Demo Importer Plus, WordPress): The Demo Importer Plus plugin is vulnerable to XML External Entity (XXE) injection via SVG file uploads in all versions up to 2.0.9. Exploitation requires authentication at Author level or higher, and, in affected PHP configurations (older than 8.0...

CVSS 7.5 | AI score 6.8 | EPSS 0.0038
Exploits 0 | References 4

Vulnrichment
added 2026/01/17 7:27 a.m., 3 views

CVE-2025-14478 Demo Importer Plus <= 2.0.9 - Authenticated (Author+) Blind XML External Entity Injection via SVG File Upload

The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possible for authenticated attackers, with Author-level access and above, to achieve code execution in...

CVSS 7.5 | AI score 6.2 | EPSS 0.0038
Exploits 0 | References 4

NVD
added 2026/01/16 8:15 p.m., 2 views

CVE-2026-23645

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an...

CVSS 6.1 | EPSS 0.00251
Exploits 1 | References 3

Github Security Blog
added 2026/01/16 7:22 p.m., 9 views

SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload

Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticate...

CVSS 6.1 | AI score 5.5 | EPSS 0.00251
Exploits 1 | References 5 | Affected Software 1

ATTACKERKB
added 2026/01/16 7:20 p.m., 2 views

CVE-2026-23645

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an...

CVSS 6.1 | AI score 5.6 | EPSS 0.00251
Exploits 1 | References 4 | Affected Software 1

EUVD
added 2026/01/16 7:20 p.m., 3 views

EUVD-2026-2863

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an...

CVSS 5.3 | AI score 5 | EPSS 0.00251
Exploits 1 | References 5

OSV
added 2026/01/16 11:57 a.m., 2 views

OESA-2026-1051 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 7.5 | AI score 7.3 | EPSS 0.00552
Exploits 2 | References 4