EUVD-2026-21148

SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering...

CVE-2026-40107 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVE-2026-40107

Summary: SiYuan before 3.6.4 configures Mermaid.js with securityLevel: loose and htmlLabels: true, allowing tags to survive DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a user opens a note containing a malicious Mermaid diagram, the El...

NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

GHSA-2M4F-CG75-76W2 NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content

Summary A Cross-Site Scripting XSS vulnerability exists in the ui.interactiveimage component of NiceGUI v3.3.1 and earlier. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaScript via the SVG tag. Detail...

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.interactiveimage component when rendering SVG content using the v-html directive without sanitization. An attacker can execute...

EUVD-2025-32031

Malicious code in bioql PyPI...

Fiora chat group avatar is vulnerable to XSS via SVG files

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

CVE-2025-56515

CVE-2025-56515 affects Fiora chat application 1.0.0. The issue is in the user avatar SVG upload: content is not validated, allowing SVGs with foreignObject, iframe elements and JavaScript event handlers (e.g., onmouseover) to be uploaded and stored. When rendered, these SVGs execute arbitrary Jav...

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

SUSE CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service application crash via a foreignObject elemen...

Firefox - SVG cross domain cookie vulnerability （CVE-2016-9078）

Original link: http://insert-script.blogspot.jp/2016/12/firefox-svg-cross-domain-cookie.html Author: the Alex Inführ Translation: Holic know Chong Yu 404 Safety laboratory , this article has additions and changes Note: the vulnerability only affects Firefox 49 and 50 version, details see the...

Opera foreignObject textNode::removeChild Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the twenty-second entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these...

WebKit: multiple vulnerabilities in WebKitGTK

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service application crash via a foreignObject elemen...

Apple Safari Webkit foreignObject元素释放后使用漏洞

BUGTRAQ ID: 42046 CVE ID: CVE-2010-1786 Safari是苹果家族机器操作系统中默认捆绑的WEB浏览器。 Safari的Webkit对用于将外部文档嵌入到SVG名称空间的特殊标签的布局实现中存在漏洞。之后在尝试计算用于渲染标签内容的布局信息时，可能会访问之前已被释放的linebox，导致执行任意代码。 Apple Safari 5.x Apple Safari 4.x 厂商补丁： Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.apple.com/safari/download/...

ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability

ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-141 August 5, 2010 -- CVE ID: CVE-2010-1786 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Apple -- Affected Products: Apple Safari --...