1233 matches found
Malicious code in tailwindcss-animate-framer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...
MAL-2026-1335 Malicious code in tailwindcss-animate-framer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c02b4943187c442df05c485194a7946cf3243d4f95240cde866a4efc05fce281 The package tailwindcss-animate-framer was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-10892
SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...
SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...
GHSA-5HC8-QMG8-PW27 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
SVG Sanitizer Bypass via Element — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangerous...
CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...
CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...
CVE-2026-31807 SiYuan has a SVG Sanitizer Bypass via `<animate>` Element — Unauthenticated XSS
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...
CVE-2026-31807
SiYuan: CVE-2026-31807 is a real issue in SVG sanitization prior to v3.5.10. The SVG sanitizer fails to block animation elements (e.g., /) in /api/icon/getDynamicIcon (type=8), allowing injection of JavaScript and a reflected XSS. Nuclei templates detail the exact vector: unauthenticated access t...
VulnCheck KEV: CVE-2025-68461
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting XSS vulnerability via the animate tag in an SVG document...
RoundCube Webmail Cross-site Scripting Vulnerability
RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...
MAL-2026-235 Malicious code in tailwindcss-animate-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...
EUVD-2026-1962
Malicious code in tailwindcss-animate-tool npm...
Malicious code in tailwindcss-animate-tool (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 150bc7ffcbd255578f8dc6e8ce8781a01e97dcdc6a57436976f6b08beb371807 The package tailwindcss-animate-tool was found to contain malicious code. Source: ghsa-malware...
CVE-2019-7960
Adobe Animate CC versions 19.2.1 and earlier have an insecure library loading dll hijacking vulnerability. Successful exploitation could lead to privilege escalation...
CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...
CVE-2019-25240 Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi
Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication...
CVE-2019-25240
Rifatron 5brid DVR suffers an unauthenticated vulnerability in the animate.cgi script that enables unauthorized access to live video streams via the Mobile Web Viewer by specifying channel numbers. Affected versions include HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Root cause is the...
Rifatron 5brid DVR 安全漏洞
Rifatron 5brid DVR is a 5-in-1 hybrid digital video recorder from Rifatron, a South Korean company. A security vulnerability exists in the Rifatron 5brid DVR that stems from the presence of unauthenticated access to the animate.cgi script, which could lead to the acquisition of live video streams...
PT-2025-53326
Name of the Vulnerable Software and Affected Versions Rifatron 5brid DVR versions HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504 Description The Rifatron 5brid DVR contains a flaw in the animate.cgi script that permits unauthorized access to live video streams. An attacker can leverage th...