15 matches found
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
EUVD-2021-18957
Malware in sbrugna...
EUVD-2023-43838
Malicious code in bioql PyPI...
CVE-2025-25692
A PHAR deserialization vulnerability in the getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...
CVE-2025-25692
A PHAR deserialization vulnerability in the getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...
CVE-2025-25691
A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request...
CVE-2025-25692
CVE-2025-25692 affects PrestaShop v8.2.0 with a PHAR deserialization vulnerability in the _getHeaders function. A crafted POST request can lead to arbitrary code execution. The incident is tied to the getHeaders implementation in PrestaShop’s codebase, enabling an attacker to run code on the serv...
CVE-2021-32098
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization...
Debian dsa-5642 : php-dompdf-svg-lib - security update
The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5642 advisory. Debian Security Advisory DSA-5642-1...
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
Deserialization of untrusted data
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
CVE-2021-32098
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization...
CVE-2019-8141
CVE-2019-8141 affects Magento open-source platforms Magento 2.1 (before 2.1.19), Magento 2.2 (before 2.2.10), and Magento 2.3 (before 2.3.3). The issue is a remote code execution via a Phar deserialization vulnerability in the system-level import functionality, exploitable by an authenticated use...