Lucene search
K

1233 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/11 6:26 a.m.6 views

Malicious code in tailwindcss-animate-framer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/11 6:26 a.m.3 views

MAL-2026-1335 Malicious code in tailwindcss-animate-framer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
EUVD
EUVD
added 2026/03/10 11:49 p.m.5 views

EUVD-2026-10892

SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/10 11:49 p.m.5 views

SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/10 11:49 p.m.1 views

GHSA-5HC8-QMG8-PW27 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...

6.4CVSS5.9AI score0.00445EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/10 8:56 p.m.28 views

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS0.00445EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/10 8:56 p.m.2 views

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References1
OSV
OSV
added 2026/03/10 8:56 p.m.3 views

CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
CVE
CVE
added 2026/03/10 8:56 p.m.15 views

CVE-2026-31807

SiYuan: CVE-2026-31807 is a real issue in SVG sanitization prior to v3.5.10. The SVG sanitizer fails to block animation elements (e.g., /) in /api/icon/getDynamicIcon (type=8), allowing injection of JavaScript and a reflected XSS. Nuclei templates detail the exact vector: unauthenticated access t...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/02/20 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-68461

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...

7.2CVSS5.8AI score0.19769EPSS
In wildExploits1References2
CISA KEV Catalog
CISA KEV Catalog
added 2026/02/20 12:0 a.m.8 views

RoundCube Webmail Cross-site Scripting Vulnerability

RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...

7.2CVSS5.1AI score0.19769EPSS
In wildExploits1
OSV
OSV
added 2026/01/12 5:56 a.m.5 views

MAL-2026-235 Malicious code in tailwindcss-animate-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
EUVD
EUVD
added 2026/01/12 5:56 a.m.6 views

EUVD-2026-1962

Malicious code in tailwindcss-animate-tool npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/12 5:56 a.m.13 views

Malicious code in tailwindcss-animate-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.9 views

CVE-2019-7960

Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading dll hijacking vulnerability. Successful exploitation could lead to privilege escalation...

7.8CVSS6.8AI score0.00777EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.4 views

CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.30 views

CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi

Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...

9.8CVSS0.00406EPSS
Exploits1References3
CVE
CVE
added 2025/12/24 7:27 p.m.15 views

CVE-2019-25240

Rifatron 5brid DVR suffers an unauthenticated vulnerability in the animate.cgi script that enables unauthorized access to live video streams via the Mobile Web Viewer by specifying channel numbers. Affected versions include HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Root cause is the...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.10 views

Rifatron 5brid DVR 安全漏洞

Rifatron 5brid DVR is a 5-in-1 hybrid digital video recorder from Rifatron, a South Korean company. A security vulnerability exists in the Rifatron 5brid DVR that stems from the presence of unauthenticated access to the animate.cgi script, which could lead to the acquisition of live video streams...

9.8CVSS6.7AI score0.00406EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.5 views

PT-2025-53326

Name of the Vulnerable Software and Affected Versions Rifatron 5brid DVR versions HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504 Description The Rifatron 5brid DVR contains a flaw in the animate.cgi script that permits unauthorized access to live video streams. An attacker can leverage th...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References5
Rows per page
Query Builder