8202 matches found
CVE-2025-62418
Bagisto v2.3.7 contains an XSS vulnerability in TinyMCE image upload: uploading a crafted SVG with embedded JavaScript is possible by an admin or other privileged user, leading to code execution in the context of the viewer’s browser. The issue arises from SVGs being accepted without sanitization...
CVE-2025-62418 bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG)
Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the...
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-61514
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2025-61514
CVE-2025-61514 affects SageMath, Inc. CoCalc prior to the fix commit 0d2ff58, where an attacker can upload a crafted SVG file to achieve arbitrary code execution. The issue is triggered by an arbitrary file upload vulnerability in the CoCalc front-end/back-end stack, enabling code execution on th...
The Power of Vector Databases in the New Era of AI Search
In my 15 years as a software engineer, I've seen one truth hold constant: traditional databases are brilliant…...
CVE-2025-11161 WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode
The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vccustomheading shortcode in all versions up to, and including, 8.6.1. This is due to insufficient restriction of allowed HTML tags and improper sanitization of user-supplied attributes in the...
CVE-2025-59428 EspoCRM allows arbitrary user creation via stored SVG injection and CSRF
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...
CVE-2025-59428 EspoCRM allows arbitrary user creation via stored SVG injection and CSRF
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...
CVE-2025-59428 EspoCRM allows arbitrary user creation via stored SVG injection and CSRF
EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...
[SECURITY] Fedora 42 Update: qt5-qtsvg-5.15.17-2.fc42
Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
Microsoft Windows 后置链接漏洞
Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A back-link vulnerability exists in Microsoft Windows Health and Optimized Experiences, which stems from a vulnerability that can be exploited by an attacker to elevate privileges...
PT-2025-42118
Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description An issue exists in Microsoft Office Excel where access of a resource using an incompatible type, referred to as a 'type confusion', can allow an unauthorized attacker to execut...
Microsoft Windows 资源管理错误漏洞
Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. Microsoft Windows suffers from a Resource Management Error vulnerability that stems from an attacker's ability to elevate privileges by exploiting the vulnerability...
Microsoft Windows PrintWorkflowUserSvc 资源管理错误漏洞
Microsoft Windows PrintWorkflowUserSvc is a Windows service from Microsoft Corporation USA that provides support for print workflow applications. A resource management error vulnerability exists in Microsoft Windows PrintWorkflowUserSvc, which stems from an attacker's ability to elevate privilege...
PT-2025-42014
Name of the Vulnerable Software and Affected Versions Microsoft Windows Hyper-V affected versions not specified Description A race condition exists in Windows Hyper-V during concurrent execution using shared resources with improper synchronization. This allows a locally authorized attacker to...
PT-2025-41935
Name of the Vulnerable Software and Affected Versions EspoCRM versions prior to 9.1.9 Description EspoCRM is a customer relationship management application. A flaw allows the creation of arbitrary user accounts, including those with administrative privileges. This is achieved through a combinatio...
Linux Distros Unpatched Vulnerability : CVE-2025-52885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free write vulnerability has been detected in versions...
Adobe Illustrator 缓冲区错误漏洞
Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Illustrator, which can be exploited by an attacker to cause arbitrary code to be executed in the current user's environment...
ROS-20251014-09
A vulnerability in the SVG component of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an integer overflow. with integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...