13 matches found
CVE-2026-56379 ImageMagick - Command Injection via SVG Decoder
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...
CVE-2026-56379
ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering...
CVE-2026-25558
CVE-2026-25558 affects QloApps up to version 1.7.0. The issue is a stored cross-site scripting flaw in the admin file manager, permitting an authenticated administrator to inject malicious JavaScript by uploading crafted SVG files. Attackers can embed event handlers (e.g., onload) in SVGs uploade...
QuickDrop cross-site scripting vulnerability
QuickDrop is a self-hosted anonymous file sharing application developed by Rostislav. It supports multipart uploads and encrypted storage. Versions of QuickDrop prior to 1.5.3 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-related cross-site scripting flaw in...
EUVD-2016-7097
Malware in sbrugna...
EUVD-2022-36947
Malicious code in bioql PyPI...
CVE-2025-51858
The CVE-2025-51858 entry concerns a self XSS vulnerability in ChatPlayground.ai up to 2025-05-24, exploitable via crafted SVG content sent in the chat component. Affected software is ChatPlayground.ai (chat feature) with the root cause described as SVG content in chat triggering script execution ...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
Medium: ImageMagick
Issue Overview: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulti...
convert-svg code injection vulnerability
convert-svg is a series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.3, which stems from the use of specially crafted SVG files that can read arbitrary files from the file system and the...
PayloadCMS arbitrary file upload vulnerability
PayloadCMS is a Headless CMS and application framework built using TypeScript, Node.js, React and MongoDB. PayloadCMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted SVG files...
Security Bulletin: IBM Cúram Social Program Management contains an Apache Batik Vulnerability (CVE-2015-0250)
Summary IBM Cúram is shipped with a third party library called Apache Batik, which is vulnerable to specially crafted SVG files. These files can potentially be used to reveal files and obtain sensitive information. Vulnerability Details CVEID: CVE-2015-0250 DESCRIPTION: Apache Batik could allow ...
CVE-2011-3146
librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as ...