Lucene search
+L

12 matches found

EUVD
EUVD
added 2026/03/10 11:49 p.m.4 views

EUVD-2026-10893

SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...

6.4CVSS5.8AI score0.00445EPSS
Exploits1References3
NVD
NVD
added 2026/03/10 9:16 p.m.7 views

CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

6.4CVSS0.00445EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.9 views

SiYuan 跨站脚本漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the SVG cleaner not preventing SVG animation elements, which could bypass static cleaning and...

6.4CVSS7.1AI score0.00445EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24462

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description SiYuan is a personal knowledge management system. The SVG sanitizer SanitizeSVG in versions prior to 3.5.10 does not block SVG animation elements , , allowing attackers to dynamically set attributes ...

9.9CVSS7.1AI score0.22162EPSS
Exploits70References134
Github Security Blog
Github Security Blog
added 2025/12/02 1:20 a.m.19 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

8.5CVSS7.1AI score0.00377EPSS
Exploits1References6Affected Software1
RedHat Linux
RedHat Linux
added 2017/04/21 12:49 a.m.7 views

Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox E...

9.8CVSS7.3AI score0.03622EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2012/03/06 12:0 a.m.33 views

FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)

Google Chrome Releases reports : 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...

7.5CVSS8.3AI score0.02188EPSS
Exploits2References16
Prion
Prion
added 2012/03/05 7:55 p.m.22 views

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements...

6.8CVSS7.5AI score0.01707EPSS
Exploits1References17Affected Software5
CVE
CVE
added 2012/03/05 7:0 p.m.82 views

CVE-2011-3044

CVE-2011-3044 affects Google Chrome prior to 17.0.963.65. The vulnerability is a use-after-free in SVG animation elements, allowing remote attackers to trigger a denial of service (and potentially other impacts) via SVG animation vectors. Mitigation provided in the Chrome update to version 17.0.9...

6.8CVSS6.9AI score0.01707EPSS
Exploits1References17Affected Software1
Cvelist
Cvelist
added 2012/03/05 7:0 p.m.23 views

CVE-2011-3044

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements...

6.8AI score0.01707EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2012/03/05 12:0 a.m.40 views

Google Chrome < 17.0.963.65 Multiple Vulnerabilities

Binary data 800899.prm...

7.5CVSS9.7AI score0.02188EPSS
Exploits2References15
FreeBSD
FreeBSD
added 2012/03/04 12:0 a.m.35 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...

7.5CVSS1.4AI score0.02188EPSS
Exploits2References1
Rows per page
Query Builder