74 matches found
CVE-2026-57535
Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...
CVE-2026-57535
CVE-2026-57535 describes a vulnerability in PDF rendering contexts where HTML content (including tags) can be injected. If an tag src points to a URL, the rendering engine may fetch the image, potentially leaking information about the rendering server and enabling an SSRF-like vector in the loc...
[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
CVE-2026-22551
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
EUVD-2026-37900
In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...
CVE-2026-22551
Eclipse Theia versions before 1.71.0 are affected: the AI chat could render Markdown image tags from AI responses, causing HTTP requests to arbitrary external URLs. In combination with a malicious workspace via prompt injection, an attacker could coax the AI agent to construct image URLs that lea...
PT-2026-50688
Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description The AI chat renders Markdown image tags from AI responses, which triggers unrestricted HTTP requests to arbitrary external URLs. When combined with prompt injection in a malicious workspace, a...
Mattermost 访问控制错误漏洞
Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier 11.5.x series, as well as 11.4.3 and earlier 11.4.x series, have a access control vulnerability. This vulnerability stems from the failure to validat...
[SECURITY] Fedora 44 Update: libexif-0.6.26-1.fc44
Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags...
CVE-2026-29107
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
CVE-2026-29107 SuiteCRM vulnerable to authenticated SSRF via PDF export
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
PT-2026-26445
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, it is possible to create PDF templates with tags. When a PDF is exported using this template, the content for example, is rendered server side, and thus a...
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63082
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
CVE-2025-63082
Joomla! Core is affected by CVE-2025-63082: lack of input filtering enables an XSS vector in the HTML filter code when processing data URLs in img tags. Affected products/versions include Joomla! 3.9.x before 5.4.2 and 6.x before 6.0.2, as reported by multiple sources. The issue stems from inadeq...
CVE-2025-63082 Joomla! Core - [20260101] - Inadequate content filtering for data URLs
Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags...
PT-2026-1462
Name of the Vulnerable Software and Affected Versions versions prior to 2025 affected versions not specified Description A flaw exists due to insufficient input validation, resulting in a cross-site scripting XSS vector within the HTML filter code. This issue specifically relates to data URLs fou...
EUVD-2002-1880
Malware in sbrugna...
EUVD-2002-2317
Malware in sbrugna...
CLSA-2025-1751141320 gstreamer1-plugins-good: Fix of CVE-2024-47613
CVE-2024-47613: fix integer overflow in available data check for image tags...