Lucene search
K

7 matches found

CVE
CVE
added 2026/03/19 9:26 p.m.12 views

CVE-2026-32753

FreeScout (PHP Laravel) vulnerability CVE-2026-32753 affects 1.8.208 and earlier. By bypassing the attachment view logic and SVG sanitizer, an attacker can upload an SVG masquerading as a safe image (e.g., xss.png with Content-Type image/svg+xml) and cause the server to render inline SVG containi...

8.5CVSS5.7AI score0.00207EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/26 12:0 a.m.31 views

Versa Director Authenticated Remote Code Execution (CVE-2024-39717)

The version of Versa Director installed on the remote host is affected by an authenticated remote code execution vulnerability: - The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with...

7.2CVSS7.8AI score0.04006EPSS
Exploits1References3
NVD
NVD
added 2021/07/22 5:15 p.m.20 views

CVE-2021-26699

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...

5.8CVSS0.02002EPSS
Exploits1References4
Prion
Prion
added 2021/07/22 5:15 p.m.20 views

Server side request forgery (ssrf)

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...

5.8CVSS5.5AI score0.02002EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/07/22 4:22 p.m.27 views

CVE-2021-26699

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used...

5.7AI score0.02002EPSS
Exploits1References4
Nextcloud
Nextcloud
added 2020/10/20 12:0 a.m.87 views

XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)

A missing file type check in Nextcloud Contacts 3.4.0 allowed a malicious user to upload SVG files as PNG files to perform XSS attacks...

3.5CVSS1.9AI score0.00634EPSS
Exploits1Affected Software1
Hacker One
Hacker One
added 2020/10/05 2:20 p.m.55 views

Nextcloud: XSS through image upload of contacts using svg file with png extension

Hello again, this is a bypass 89487 basically use the same payload file but change the extension to PNG Impact XSS or Open redirect when viewing the image of a contact...

3.5CVSS1.5AI score0.00634EPSS
Exploits1
Rows per page
Query Builder