1251 matches found
CVE-2026-48349
Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48347
Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
CVE-2026-48346
Summary (CVE-2026-48346): Animate is affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: a victim must open a malicious file. The affected scope has changed. The CVSS vector indi...
CVE-2026-48346 Animate | Untrusted Search Path (CWE-426)
Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...
CVE-2026-48345
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-48347 Animate | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
CVE-2026-48349 Animate | Incorrect Authorization (CWE-863)
Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed...
CVE-2026-48347
Animate is affected by an OS Command Injection (CWE-78) due to improper neutralization of special elements in an input that is used in an OS command. This can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction: the victim must open a malici...
CVE-2026-48349
CVE-2026-48349 (Animate) is an Incorrect Authorization vulnerability (CWE-863) that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction, but depends on conditions beyond the attacker’s control. The CVSSv3.1 base score is 8.1 (HIG...
CVE-2026-48348 Animate | Incorrect Authorization (CWE-863)
Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must open a maliciou...
CVE-2026-48348
Animate is affected by an Incorrect Authorization (CWE-863) vulnerability that could lead to arbitrary code execution in the context of the current user. The exploit depends on conditions beyond the attacker’s control and requires user interaction (the victim must open a malicious file). The CVE ...
CVE-2026-48350 Animate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to access sensitive files or directories outside the...
Adobe Animate 23.x < 23.0.16 / 24.x < 24.0.14 Multiple Vulnerabilities (APSB26-83)
The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.16 or 24.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-83 advisory. - Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path...
Adobe Animate 23.x < 23.0.16 / 24.x < 24.0.14 Multiple Vulnerabilities (APSB26-83)
The version of Adobe Animate installed on the remote Windows host is prior to 23.0.16 or 24.0.14. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb26-83 advisory. - Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal...
Malicious code in tailwind-animate-v4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fd43366b04ea80c2244079c09602623af157ce00cba9ae1837005b97ffe44bdb The package presents itself as a Tailwind CSS animation plugin and reproduces the legitimate tailwindcss-animate source including its original author...
USN-8482-1: Roundcube Webmail vulnerability
It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document. An attacker could use this issue to execute arbitrary web script in the context of an affected user's session...
SUSE CVE-2026-48848
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...
CVE-2026-8872
The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...
CVE-2026-8872 Animate Your Content <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...
EUVD-2026-32074
The Animate Your Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animation-set' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes in the...