Lucene search
K

18462 matches found

Nuclei
Nuclei
added yesterday124 views

SAP Internet Graphics Server (IGS) - XML External Entity Injection

SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...

7.5CVSS7AI score0.40591EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday32 views

WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Stored Cross-Site Scripting via arbitrary URL injection in versions up to and including 6.1 and 1.0 respectively. Authenticated users with author-level permissions can inject arbitrary remote URLs for SVG map files. When a user...

8.3CVSS6.2AI score0.01133EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday66 views

Joomla! Component Graphics 1.0.6 - Local File Inclusion

A directory traversal vulnerability in graphics.php in the Graphics comgraphics component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1653 info: name: Joomla! Component...

7.5CVSS6.3AI score0.13373EPSS
Exploits1References5
CVE
CVE
added 2 days ago9 views

CVE-2026-61858

CVE-2026-61858 concerns ImageMagick prior to 7.1.2-26, where a policy bypass vulnerability exists in the APNG encoder and external delegates due to missing validation checks. Attackers can bypass policy restrictions during APNG encoding and write files to disallowed paths. The provided documents ...

4.8CVSS6.1AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 3 days ago5 views

CVE-2026-45203

The CVE-2026-45203 issue concerns kernel software running in a Host VM that can send improper commands to the GPU firmware, potentially triggering a memory write outside the host kernel’s permitted range. The root cause is a TOCTOU condition in the GPU DDK path (rgxfw_hwperf_ufo()) where a malici...

6.1AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-45196

GPU DDK vulnerability (CVE-2026-45196) arises from unsanitized pointers in host-kernel interactions with rgxfw_hwperf_hw, allowing kernel software in a Host VM to issue improper commands to GPU Firmware and trigger an arbitrary GPU register write, potentially enabling privilege escalation. The de...

6.1AI score0.00142EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43039

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-7639

CVE-2026-7639 affects the GPU DDK driver (PMMETA_PROTECT heap) where a non-privileged user can trigger a sequence of improper GPU system calls and a faulty MMU mapping path, leading to a use-after-free and incomplete cleanup of internal driver state. This may allow future unauthorized access to c...

6.1AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-41154

The CVE-2026-41154 entry describes a GPU DDK issue where software run as a non-privileged user can trigger out-of-bounds (OOB) kernel memory reads/writes via GPU API calls. The root cause is an incorrect buffer/index calculation in the page freeing logic for the sparse memory implementation when ...

6.1AI score0.00167EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43004

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP clients launched with the non-default /cache:codec:rfx option pass desktop stride and height to RemoteFX decoding for Cache Bitmap V3 data while allocating bitmap-data only for the smaller DstWidth and...

7.5CVSS6.1AI score0.00452EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-61456

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile method validates only the file extension and never invokes Security::sanitizeSVG, so an authenticated attacker with t...

5.1CVSS0.00141EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42905

The Grav API plugin getgrav/grav-plugin-api before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile method validates only the file extension and never invokes Security::sanitizeSVG, so an authenticated attacker with t...

5.1CVSS6.2AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-61456

Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 is vulnerable to stored XSS via SVG uploads. The HandlesMediaUploads::processUploadedFile() path only validates file extension and does not call Security::sanitizeSVG(), enabling an authenticated attacker with api.media.write to upload an SVG...

5.1CVSS6.2AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-15321

CVE-2026-15321 (MyEMS Admin Backend) affects myems-api/core/svg.py, function on_post, in MyEMS

4.8CVSS4.3AI score0.0022EPSS
Exploits0References8
NVD
NVD
added 4 days ago6 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS0.00264EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 4 days ago5 views

firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Graphics: ImageLib component...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago5 views

firefox: thunderbird: Privilege escalation in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Graphics: WebRender component...

8.8CVSS5.9AI score0.00395EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42590

A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsubreadidx of the file /src/mediatools/vobsub.c of the component MP4Box. Executing a manipulation of the argument numlangs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago6 views

firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Graphics: ImageLib component...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago7 views

firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Graphics: CanvasWebGL component...

7.3CVSS5.9AI score0.00209EPSS
Exploits0References6
Rows per page
Query Builder