Lucene search
K

1707 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44619

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service...

6.3CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2 hours ago5 views

CVE-2026-61871

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added 2 hours ago3 views

CVE-2026-61871 ImageMagick before 7.1.2-26 Memory Leak in ICON decoder

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service...

6.3CVSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago157 views

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

8.6CVSS6.3AI score0.00469EPSS
Exploits1References2
CVE
CVE
added 2 days ago9 views

CVE-2026-15527

Summary: CVE-2026-15527 affects better-auth better-icons up to 1.0.5, with a path traversal vulnerability in the scan_project_icons/sync_icon component triggered by manipulating the icons_file argument. Local access is required. The exploit has been publicly disclosed and the project was informed...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-39124

SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon...

5.9CVSS6.1AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 9:16 p.m.13 views

CVE-2026-54352

Budibase is an open-source low-code platform. Prior to 3.39.9, POST /api/pwa/process-zip at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each entry listed in icons.json validates the icon path, open...

9.6CVSS0.00494EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 9:54 p.m.4 views

GHSA-G22Q-F7GC-5JHR ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop

An incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 9:54 p.m.15 views

EUVD-2026-36188

ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/25 9:54 p.m.7 views

ImageMagick has out-of-bounds write in ICON decoder due to incorrect loop

An incorrect loop in the ICON decoder can result in an out of bounds heap write resulting in a crash...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References3Affected Software17
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5201 SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) in github.com/siyuan-note/siyuan/kernel

SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG getDynamicIcon, unauthenticated in github.com/siyuan-note/siyuan/kernel...

8.6CVSS5.8AI score0.00469EPSS
Exploits1References4
NVD
NVD
added 2026/06/24 10:16 p.m.13 views

CVE-2026-54068

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:15 p.m.6 views

CVE-2026-54068

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 9:15 p.m.11 views

CVE-2026-54068

SiYuan before 3.7.0: unauthenticated access to /api/icon/getDynamicIcon where type=8 with a valid block id runs Go templates that execute arbitrary SQL (RenderDynamicIconContentTemplate), enabling an attacker to exfiltrate extensive SQLite data (notes, tags, asset refs, block attributes). The roo...

5.9CVSS6AI score0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:15 p.m.4 views

CVE-2026-54068 SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS6.1AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38799

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 4:16 p.m.8 views

CVE-2026-50703

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS0.00239EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in GIMP

A flaw was discovered in GIMP. There is an integer overflow vulnerability when processing ICO image files, specifically in the icoreadinfo and icoreadicon functions. This issue arises because the size calculation for image buffers can exceed the limit due to a 32-bit integer evaluation, allowing...

6.5CVSS7.4AI score0.00838EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread could occur in the freerdpimagecopyfromicondata function libfreerdp/codec/color.c, due to malicious RDP window icon TSICONINFO data. This bug could be exploited over the network when a clie...

6.9CVSS6.2AI score0.00242EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 2:42 p.m.32 views

CVE-2026-50703 Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS0.00239EPSS
Exploits0References2
Rows per page
Query Builder