CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

CVE-2025-9145

Scada-LTS 2.7.8.1 is affected by a cross-site scripting vulnerability in the SVG File Handler, specifically via manipulation of the backgroundImageMP argument in view_edit.shtm. The issue can be triggered remotely and, per multiple sources, the exploit has been publicly disclosed. Current connect...

GHSA-8XFQ-7F6M-MPMF MoonShine Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...

MoonShine Arbitrary File Upload Vulnerability

An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVE-2025-51489

MoonShine

liblcf 0.8.1 Denial of Service

lcf2xml part of liblcf aborts when parsing specially crafted RPG Maker 2000/2003 files that supply a negative element count for vectors of structured records. Version 0.8.1 is affected...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

PT-2025-33740 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.4 Description: An arbitrary file upload vulnerability exists in MoonShine version 3.12.4. Attackers can execute arbitrary code by uploading a crafted SVG file. Recommendations: At the moment, there is no information abo...

Linux Distros Unpatched Vulnerability : CVE-2025-38435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: riscv: vector: Fix context save/restore with xtheadvector Previously only v0-v7 were correct...

Linux Distros Unpatched Vulnerability : CVE-2018-6090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow that lead to a heap buffer-overflow in Skia in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code insi...

Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20422)

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...

Linux Distros Unpatched Vulnerability : CVE-2023-5631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...

Unspecified Vulnerability in Kenwood DMX958XR

The Kenwood DMX958XR is an in-car infotainment system from Kenwood. A security vulnerability exists in the Kenwood DMX958XR, which can be exploited by attackers to cause a software downgrade...

Linux Distros Unpatched Vulnerability : CVE-2016-3614

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related...

Linux Distros Unpatched Vulnerability : CVE-2019-6245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Anti-Grain Geometry AGG 2.4 as used in SVG++ aka svgpp 1.2.3. In the function agg::cellaa::notequal, dx is assigned to x2 - x1. If dx...

Huawei HarmonyOS and EMUI Competitive Conditions Vulnerability Vulnerability

Huawei EMUI is a mobile operating system developed based on Android.Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. Huawei HarmonyOS and EMUI have a competitive condition vulnerability vulnerability that can be exploited by an...

Linux Distros Unpatched Vulnerability : CVE-2017-15574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. CVE-2017-15574 Note that Nessus relies on the...