
13 matches found

Cvelist
added 2026/06/23 12:13 p.m. | 36 views

CVE-2026-56379 ImageMagick - Command Injection via SVG Decoder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

CVSS 9.2 | EPSS 0.01193
Exploits: 0 | References: 2

AlpineLinux
added 2026/06/23 12:13 p.m. | 8 views

CVE-2026-56379

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...

CVSS 9.2 | AI score 6.1 | EPSS 0.01193
Exploits: 0 | References: 6

CVE
added 2026/06/08 2:1 p.m. | 25 views

CVE-2026-25558

CVE-2026-25558 affects QloApps up to version 1.7.0. The issue is a stored cross-site scripting flaw in the admin file manager, permitting an authenticated administrator to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed event handlers (e.g., onload) in SVGs uploade...

CVSS 4.8 | AI score 5.5 | EPSS 0.0023
Exploits: 0 | References: 2

CNNVD
added 2026/04/07 12:0 a.m. | 6 views

QuickDrop cross-site scripting vulnerability

QuickDrop is a self-hosted anonymous file sharing application developed by Rostislav. It supports multipart uploads and encrypted storage. Versions of QuickDrop prior to 1.5.3 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-related cross-site scripting flaw in...

CVSS 6.1 | AI score 5.6 | EPSS 0.00187
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2016-7097

Malware in sbrugna...

CVSS 5.5 | AI score 5.6 | EPSS 0.01389
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-36947

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.0088
Exploits: 1 | References: 5

CVE
added 2025/07/22 12:0 a.m. | 18 views

CVE-2025-51858

The CVE-2025-51858 entry concerns a self XSS vulnerability in ChatPlayground.ai up to 2025-05-24, exploitable via crafted SVG content sent in the chat component. Affected software is ChatPlayground.ai (chat feature) with the root cause described as SVG content in chat triggering script execution ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 1

Vulnrichment
added 2025/07/18 12:0 a.m. | 3 views

CVE-2025-46000

An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...

AI score 7.4 | EPSS 0.00448
Exploits: 1 | References: 3

Amazon
added 2023/04/10 12:0 a.m. | 5 views

Medium: ImageMagick

Issue Overview: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulti...

CVSS 5.5 | AI score 5.8 | EPSS 0.00865
Exploits: 1

CNNVD
added 2022/06/10 12:0 a.m. | 12 views

convert-svg code injection vulnerability

convert-svg is a series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.3, which stems from the use of specially crafted SVG files that can read arbitrary files from the file system and the...

CVSS 7.8 | AI score 7.3 | EPSS 0.00855
Exploits: 1 | References: 4

CNVD
added 2022/04/15 12:0 a.m. | 30 views

PayloadCMS arbitrary file upload vulnerability

PayloadCMS is a headless CMS and application framework built using TypeScript, Node.js, React and MongoDB. PayloadCMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted SVG files...

CVSS 9.8 | AI score 4.2 | EPSS 0.02164
Exploits: 1 | References: 1

IBM Security Bulletins
added 2018/07/20 2:44 p.m. | 33 views

Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)

Summary: IBM Cúram is shipped with a third party library called Apache Batik, which is vulnerable to specially crafted SVG files. These files can potentially be used to reveal files and obtain sensitive information. Vulnerability Details: CVEID: CVE-2015-0250 DESCRIPTION: Apache Batik could allow ...

CVSS 6.4 | AI score 1 | EPSS 0.16677
Exploits: 1 | Affected Software: 1

OSV
added 2012/09/05 11:55 p.m. | 6 views

CVE-2011-3146

librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as ...

AI score 7.3
Exploits: 0 | References: 11