Lucene search
K

254 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-44311

Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a...

6.1CVSS0.00194EPSS
Exploits1References2
CVE
CVE
added 2026/06/22 8:50 p.m.16 views

CVE-2026-44311

CVE-2026-44311 (Fabric.js) describes an XSS in which the color value in colorStops of a fabric.Gradient is not properly escaped when serializing to SVG via toSVG(), allowing injected HTML/SVG to be executed if the SVG is rendered into the DOM. Documents confirm the issue affects Fabric.js prior t...

6.1CVSS6AI score0.00194EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:50 p.m.20 views

CVE-2026-44311 Fabric.js: Improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a...

5.4CVSS0.00194EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 6:16 p.m.10 views

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS0.0012EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 4:22 p.m.6 views

CVE-2026-6045 Heap buffer overflow in EMF+ gradient brush import

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 4:22 p.m.9 views

EUVD-2026-36736

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 4:22 p.m.32 views

CVE-2026-6045 Heap buffer overflow in EMF+ gradient brush import

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 4:22 p.m.25 views

CVE-2026-6045

CVE-2026-6045 : In LibreOffice, importing EMF+ graphics can trigger a heap buffer overflow in the gradient brush import. The file’s gradient blend points are read to compute an allocation size, and an overflow can occur when multiplying that count, causing a small buffer to be filled as if it wer...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49264

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS5.6AI score0.0012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-6045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of...

6.9CVSS6.1AI score0.0012EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/12 9:0 p.m.7 views

Improper Encoding or Escaping of Output

Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object, and text SVG...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/06/12 9:0 p.m.4 views

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

NPM: Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization vulnerability discovered by ? in WordPress Npm fabric versions 7.4.0...

5.4CVSS5.8AI score0.00194EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/12 9:0 p.m.14 views

Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Summary A potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when...

6.1CVSS5.8AI score0.00194EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/12 9:0 p.m.9 views

GHSA-W22M-HVVM-XMWX Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization

Summary A potential Cross-Site Scripting XSS vulnerability exists in Fabric.js due to improper escaping of user-controlled input during SVG serialization via the toSVG method. Specifically, the color field within the colorStops array of a fabric.Gradient object is not properly escaped when...

5.4CVSS5.9AI score0.00194EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/12 9:0 p.m.5 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-49055

Name of the Vulnerable Software and Affected Versions Fabric.js versions prior to 7.4.0 Description Improper escaping of user-controlled input during SVG serialization via the toSVG method can lead to Cross-Site Scripting XSS. Specifically, the color field within the colorStops array of a...

6.1CVSS6AI score0.00194EPSS
Exploits1References8
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.6 views

Categorical Robustness Assessment for Machine Learning Based Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS heavily utlize Machine Learning ML but ML models can be manipulated via adversarial attacks. These attacks add carefully crafted perturbations to network traffic data that leads to misclassifications. While prior work has demonstrated adversarial...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.8 views

Assessing Automated Prompt Injection Attacks in Agentic Environments

Indirect prompt injection poses a critical threat to LLM agents that interact with untrusted external data, yet automated attack methods--proven effective for jailbreaking--remain underexplored in realistic agentic settings. We present a comprehensive empirical evaluation of automated prompt...

5.5AI score
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: libvncserver

Issue Overview: LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A...

8.8CVSS5.5AI score0.00242EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : libvncserver, --advisory ALAS2-2026-3331 (ALAS-2026-3331)

The version of libvncserver installed on the remote host is prior to 0.9.9-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3331 advisory. LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decod...

8.8CVSS5.5AI score0.00242EPSS
Exploits0References4
Rows per page
Query Builder