PT-2026-2382

Name of the Vulnerable Software and Affected Versions e107 CMS version 3.2.1 Description An authenticated administrator can bypass upload restrictions in e107 CMS. This allows the upload of malicious SVG files through the media manager. Successful exploitation enables attackers to upload SVG file...

SUSE SLES12 Security Update : ImageMagick (SUSE-SU-2026:0099-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0099-1 advisory. - CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. Tenable has extracted the preceding description block directly from...

MiracleLinux 8 : firefox-140.3.0-1.el8_10.ML.1 (AXSA:2025-10906:31)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10906:31 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...

CVE-2026-22804

CVE-2026-22804 affects Termix versions 1.7.0–1.9.0, where the File Viewer component in the File Manager (src/ui/desktop/apps/file-manager/components/FileViewer.tsx) fails to sanitize SVG content, allowing a stored XSS that can execute arbitrary JavaScript in the app context. If exploited, this ca...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can ru...

PT-2026-2313

Name of the Vulnerable Software and Affected Versions Termix versions 1.7.0 through 1.9.0 Description Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting XSS issue exists in the Termix File Manager component d...

CVE-2025-14984

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the uploadmimes filter without implementing any...

EUVD-2026-1698

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting XSS vulnerability has been identified in the Angular Template Compiler. The...

CVE-2026-22610 Angular has XSS Vulnerability via Unsanitized SVG Script Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting XSS vulnerability has been identified in the Angular Template Compiler. The...

CVE-2026-22610

Angular contains an XSS vulnerability in the Template Compiler’s handling of SVG scripts where href/xlink:href are not treated as Resource URLs. Affected: Angular pre-patched releases before 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0. Impact is in the rendering/templating path; patch versions are ...

CVE-2026-22600 OpenProject is Vulnerable to Arbitrary File Read via ImageMagick SVG Coder

OpenProject is an open-source, web-based project management software. A Local File Read LFR vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file disguised as a PNG as a work package attachment, an...

PT-2026-2220

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 16.6.4 Description OpenProject is a web-based project management software. A Local File Read issue exists in the work package PDF export functionality. By uploading a specially crafted SVG file disguised as a PNG ...

OpenProject 信息泄露漏洞

OpenProject is OpenProject open source a Web-based project management software. OpenProject 16.6.4 before the version of the information leakage vulnerability , the vulnerability stems from the work package PDF export function there is a local file reading vulnerability , an attacker can upload a...

Cross-site Scripting (XSS)

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

OESA-2026-1038 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1037 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1035 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1034 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

OESA-2026-1033 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVE-2023-31305

Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...