
12 matches found

EUVD
added 2026/03/10 11:49 p.m. | 1 view

EUVD-2026-10893

SiYuan has a SVG Sanitizer Bypass via Element — Unauthenticated XSS...

CVSS 6.4 | AI score 5.8 | EPSS 0.00378
Exploits: 1 | References: 3

NVD
added 2026/03/10 9:16 p.m. | 1 view

CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements , , and removes on event handlers and javascript: in href attributes. However, it does NOT block SVG animation elements , which can dynamically set attributes to dangero...

CVSS 6.4 | EPSS 0.00378
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/10 12:0 a.m. | 2 views

PT-2026-24462

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.10 Description SiYuan is a personal knowledge management system. The SVG sanitizer SanitizeSVG in versions prior to 3.5.10 does not block SVG animation elements , , allowing attackers to dynamically set attributes ...

CVSS 9.9 | AI score 7.1 | EPSS 0.07313
Exploits: 68 | References: 134

CNNVD
added 2026/03/10 12:0 a.m. | 2 views

SiYuan Cross-Site Scripting Vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.10 contained a cross-site scripting vulnerability. This vulnerability stemmed from the SVG cleaner not preventing SVG animation elements, which could bypass static cleaning and...

CVSS 6.4 | AI score 7.1 | EPSS 0.00378
Exploits: 1 | References: 1

Github Security Blog
added 2025/12/02 1:20 a.m. | 12 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

CVSS 8.5 | AI score 7.1 | EPSS 0.00027
Exploits: 1 | References: 4 | Affected Software: 1

RedHat Linux
added 2017/04/21 12:49 a.m. | 3 views

Mozilla: Use-after-free in SMIL animation functions (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox E...

CVSS 9.8 | AI score 7.3 | EPSS 0.00829
Exploits: 1 | References: 5

Tenable Nessus
added 2012/03/06 12:0 a.m. | 30 views

FreeBSD : chromium -- multiple vulnerabilities (99aef698-66ed-11e1-8288-00262d5ed8ee)

Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library...

CVSS 7.5 | AI score 8.3 | EPSS 0.02816
Exploits: 2 | References: 16

Prion
added 2012/03/05 7:55 p.m. | 19 views

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements...

CVSS 6.8 | AI score 7.5 | EPSS 0.02363
Exploits: 1 | References: 17 | Affected Software: 5

Cvelist
added 2012/03/05 7:0 p.m. | 20 views

CVE-2011-3044

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements...

AI score 6.8 | EPSS 0.02363
Exploits: 1 | References: 17

CVE
added 2012/03/05 7:0 p.m. | 76 views

CVE-2011-3044

CVE-2011-3044 affects Google Chrome prior to 17.0.963.65. The vulnerability is a use-after-free in SVG animation elements, allowing remote attackers to trigger a denial of service (and potentially other impacts) via SVG animation vectors. Mitigation provided in the Chrome update to version 17.0.9...

CVSS 6.8 | AI score 6.9 | EPSS 0.02363
Exploits: 1 | References: 17 | Affected Software: 1

Tenable Nessus
added 2012/03/05 12:0 a.m. | 36 views

Google Chrome < 17.0.963.65 Multiple Vulnerabilities

Binary data 800899.prm...

CVSS 7.5 | AI score 9.7 | EPSS 0.02816
Exploits: 2 | References: 15

FreeBSD
added 2012/03/04 12:0 a.m. | 33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...

CVSS 7.5 | AI score 1.4 | EPSS 0.02816
Exploits: 2 | References: 1