4 matches found
CVE-2026-11569
CVE-2026-11569 affects Quay: the filedrop endpoint accepts any MIME type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...
CVE-2022-28270
Adobe Photoshop versions 22.5.6 and earlier and 23.2.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG...
CVE-2017-2587
A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash...
Alkacon OpenCMS gallery feature cross-site scripting vulnerability
Alkacon OpenCms is an open source Java- and XML-based content management system (CMS) from the German company Alkacon Software. The system supports a template engine, a WYSIWYG editor and so on. A cross-site scripting vulnerability exists in the gallery feature in Alkacon OpenCMS version 10.5.3. A remote...