CVE-2026-30974

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

EUVD-2026-10712

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

CVE-2026-30974 Copyparty volflag `nohtml` did not block javascript in svg files

Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the...

GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable

CVE-2026-26030 is a Remote Code Execution vulnerability that has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. GitHub created this CVE on their behalf. GitHub created this CVE on their behalf. This document incorporates...

EUVD-2026-10711

copyparty: volflag nohtml did not block javascript in svg files...

GHSA-M6HV-X64C-27MM copyparty: volflag `nohtml` did not block javascript in svg files

Summary The nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. Details A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This in...

copyparty: volflag `nohtml` did not block javascript in svg files

Summary The nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. Details A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This in...

Copyparty 跨站脚本漏洞

Copyparty is a portable file server developed by Ed’s individual developer. Versions of Copyparty prior to v1.20.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the nohtml configuration option not being applied to SVG images, which could lead to the execution of...

PT-2026-24426

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.4 Parse Server versions prior to 8.6.17 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a stored cross-site scripting XSS issue. Authenticated users ca...

PT-2026-24450

Name of the Vulnerable Software and Affected Versions VPU affected versions not specified Description A use-after-free read issue exists in VPU due to a race condition. Successful exploitation of this issue could lead to local information disclosure and does not require additional execution...

SiYuan 跨站脚本漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the SVG cleaner not preventing SVG animation elements, which could bypass static cleaning and...

PT-2026-24183

Name of the Vulnerable Software and Affected Versions Versions prior to 2025-41709 Description An issue exists that allows an attacker to achieve remote code execution via the Modbus protocol on industrial power analyzers. This poses a significant risk to critical infrastructure, potentially...

PT-2026-24462

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description SiYuan is a personal knowledge management system. The SVG sanitizer SanitizeSVG in versions prior to 3.5.10 does not block SVG animation elements , , allowing attackers to dynamically set attributes ...

CVE-2026-2261 blocklistd(8) socket leak

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

Apache Airflow Log Message Disclosure Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...

CVE-2026-3749

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...

CVE-2026-3749

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...

CVE-2026-3749 Bytedesk SVG File UploadRestService.java handleFileUpload unrestricted upload

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...

CVE-2026-3748

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...

PT-2026-23954

A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a manipulation results in unrestricted upload. Remote exploitati...