[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
CVE-2026-22551
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
EUVD-2026-37900
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
CVE-2026-22551
Eclipse Theia versions before 1.71.0 are affected: the AI chat could render Markdown image tags from AI responses, causing HTTP requests to arbitrary external URLs. In combination with a malicious workspace via prompt injection, an attacker could coax the AI agent to construct image URLs that lea...
Mattermost Access Control Error Vulnerability
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, as well as 11.4.3 and earlier 11.4.x series, have an access control vulnerability. This vulnerability stems from the failure to validat...
[SECURITY] Fedora 44 Update: libexif-0.6.26-1.fc44
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags...
CVE-2026-29107
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
PT-2026-26445
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63082 Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63082
Joomla! Core is affected by CVE-2025-63082: lack of input filtering enables an XSS vector in the HTML filter code when processing data URLs in img tags. Affected products/versions include Joomla! 3.9.x before 5.4.2 and 6.x before 6.0.2, as reported by multiple sources. The issue stems from inadeq...
PT-2026-1462
Name of the Vulnerable Software and Affected Versions: versions prior to 2025 (affected versions not specified) Description: A flaw exists due to insufficient input validation, resulting in a cross-site scripting (XSS) vector within the HTML filter code. This issue specifically relates to data URLs fou...
EUVD-2002-1880
Malware in sbrugna...
EUVD-2002-2317
Malware in sbrugna...
CLSA-2025-1751141320 gstreamer1-plugins-good: Fix of CVE-2024-47613
CVE-2024-47613: fix integer overflow in available data check for image tags...
CVE-2002-2339
Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags...
Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers
Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's...
PT-2023-31059 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists via the img tags. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. Recommendations...