13 matches found
EUVD-2013-6259
Malware in sbrugna...
EUVD-2016-3401
Malware in sbrugna...
EUVD-2022-3624
Malicious code in bioql PyPI...
EUVD-2022-48237
Malicious code in bioql PyPI...
EUVD-2023-0628
Malicious code in bioql PyPI...
EUVD-2025-7669
Malicious code in bioql PyPI...
CVE-2025-51858
Self Cross-Site Scripting XSS vulnerability in ChatPlayground.ai through 2025-05-24, allows attackers to execute arbitrary code and gain sensitive information via a crafted SVG file contents sent through the chat component...
CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2024-33103
An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of t...
CVE-2025-46655
CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted...
Design/Logic Flaw
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file...
WordPress WP SVG images Plugin Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL server set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress WP S...
CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...