15 matches found
CVE-2026-35608
QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...
EUVD-2016-2052
Malware in sbrugna...
EUVD-2025-20172
Malicious code in bioql PyPI...
EUVD-2024-40271
Malicious code in bioql PyPI...
CVE-2025-53171
Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function...
CVE-2025-53176
Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function...
CVE-2025-53174
CVE-2025-53174 concerns Huawei HarmonyOS with a stack overflow risk when parsing vector images during file preview. Multiple connected sources (CNVD-2025-15514, CNNVD-202507-642) specify affected versions as HarmonyOS 5.0.1 and 5.1.0, with the vulnerability enabling exploitation that can affect t...
CVE-2025-53173
Stack overflow risk when vector images are parsed during file preview. Impact: Successful exploitation of this vulnerability may affect the file preview function...
PT-2025-28109 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a risk of stack overflow when vector images are parsed during file preview. The impact of successful exploitation of this issue may affect the file preview function. Recommendations...
PT-2025-28106 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a risk of stack overflow when vector images are parsed during file preview. The impact of successful exploitation of this issue may affect the file preview function. Recommendations...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in...
CVE-2021-32622
Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...
CVE-2002-2047
The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript EPS file...
Xibo CMS security vulnerability
Xibo CMS is an open source content management system from Xibo Digital Signage. A security vulnerability exists in Xibo CMS versions prior to 4.1.0, which stems from vulnerability to a cross-site scripting attack that allows an authorized user to execute arbitrary JavaScript via the file preview...
CVE-2018-3762
CVE-2018-3762 affects Nextcloud Server prior to 12.0.8 and 13.0.3, where improper checks of dropped permissions for incoming shares let a user request previews for files they should not access. Root cause: inadequate enforcement of access control on image preview requests. Impact stated in source...