CVE-2025-40291

In the Linux kernel, the following vulnerability has been resolved: iouring: fix regbuf vector size truncation There is a report of ioestimatebvecsize truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...

CVE-2025-40291 io_uring: fix regbuf vector size truncation

In the Linux kernel, the following vulnerability has been resolved: iouring: fix regbuf vector size truncation There is a report of ioestimatebvecsize truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...

CVE-2025-40291

In the Linux kernel, the following vulnerability has been resolved: iouring: fix regbuf vector size truncation There is a report of ioestimatebvecsize truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple, can b...

PT-2025-49424

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to io uring, specifically a truncation issue within the io estimate bvec size function. This truncation can lead to corruption issues. The probl...

PT-2025-49475

In the Linux kernel, the following vulnerability has been resolved: um: vector: Fix memory leak in vector config If the return value of the uml parse vector ifspec function is NULL, we should call kfreeparams to prevent memory leak...

CVE-2025-12163

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

EUVD-2025-201449

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

XSS in SVG images when opened outside of Nextcloud

None...

CVE-2025-12163 Omnipress <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting

The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...

PT-2025-49267

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 31.0.12 Nextcloud Server Enterprise versions prior to 31.0.12 Nextcloud Server versions prior to 32.0.3 Nextcloud Server Enterprise versions prior to 32.0.3 Description Nextcloud Server and Server Enterprise...

Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'

Summary A Stored XSS vulnerability has been discovered in Open-WebUI's Notes PDF download functionality. An attacker can import a Markdown file containing malicious SVG tags into Notes, allowing them to execute arbitrary JavaScript code and steal session tokens when a victim downloads the note as...

CVE-2025-66403

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting XSS vulnerability exists in the Filerise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG...

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

OSV-2025-965 Stack-use-after-scope in Assimp::FBX::FBXExportProperty::FBXExportProperty

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465494996 Crash type: Stack-use-after-scope READ 1 Crash state: Assimp::FBX::FBXExportProperty::FBXExportProperty Assimp::FBX::FBXExportProperty std::1::vectorAssimp::FBX::FBXExportProperty, Assimp::FBXExporter::WriteObjects...

EUVD-2025-201190

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

CVE-2025-65516

A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...

GHSA-3W8Q-XQ97-5J7X Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function

When an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo DToA.JSdtostr DToA.JSdtoa DToA.pow5mult where pow5mult attempts to...

CVE-2025-65267

In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting XSS. Successful...

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting XSS vulnerability, which allows JavaScript execution through model-generated SVG content...

Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme Based on the Vector Computational Diffie-Hellman (V-CDH) Problem

This work introduces the Primitive Vector Cipher PVC, a novel hybrid encryption scheme integrating matrix-based cryptography with advanced Diffie-Hellman key exchange. PVC's security is grounded on the established hardness of the Vector Computational Diffie- Hellman V-CDH problem. The two-layered...