CVE-2023-53925

UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...

CVE-2023-53928 PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload

PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session...

CVE-2023-53925

Summary of CVE-2023-53925 (UliCMS 2023.1): A stored cross-site scripting vulnerability exists in UliCMS 2023.1 allowing attackers to upload SVG files containing JavaScript via the file management interface, with scripts executed when other users view the SVGs. This is a component-level issue affe...

CVE-2023-53909 WBCE CMS 1.6.1 SVG File Content Cross-Site Scripting

WBCE CMS 1.6.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by uploading crafted SVG files through the media manager. Attackers can upload SVG files containing script tags to the...

CVE-2023-53909

WBCE CMS 1.6.1 is affected by a stored XSS caused by uploading crafted SVG files via the media manager to /wbce/modules/elfinder/ef/php/connector.wbce.php. Authenticated attackers can inject JavaScript that executes when victims access the uploaded file. Public-facing details confirm affected pro...

DEBIAN-CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

CVE-2025-53000

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

CVE-2025-53000 nbconvert has an uncontrolled search path that leads to unauthorized code execution on Windows

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. Versions of nbconvert up to and including 7.16.6 on Windows have a vulnerability in which converting a notebook containing SVG output to a PDF results in unauthorized code execution...

CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...

CVE-2023-53903

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

Quantum Machine Learning for Cybersecurity: A Taxonomy and Future Directions

The increasing number of cyber threats and rapidly evolving tactics, as well as the high volume of data in recent years, have caused classical machine learning, rules, and signature-based defence strategies to fail, rendering them unable to keep up. An alternative, Quantum Machine Learning QML, h...

UliCMS 跨站脚本漏洞

UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A cross-site scripting vulnerability exists in UliCMS version 2023.1, which stems from the fact that an attacker can upload a malicious SVG file with embedded...

nbconvert 代码问题漏洞

nbconvert is a format conversion library organized by Jupyter. Converts Jupyter .ipynb notebook document files to another static format, including HTML, LaTeX, PDF, Markdown, and more. A code issue vulnerability exists in nbconvert 7.16.6 and earlier versions that stems from improper handling whe...

PT-2025-51963

Name of the Vulnerable Software and Affected Versions UliCMS version 2023.1 Description The software contains a stored cross-site scripting issue that enables attackers to upload malicious SVG files containing JavaScript. Attackers can upload these crafted SVG files through the file management...

PT-2025-51981

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists in the file upload process within the bookmark and asset rendering pipeline. An attacker can upload a malicious SVG file containing JavaScript code. When an authenticated administrator...

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable...

DEBIAN-CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...