36 matches found
Improper Encoding or Escaping of Output
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
EUVD-2014-1753
Malware in sbrugna...
EUVD-2016-9997
Malware in sbrugna...
EUVD-2012-6564
Malware in sbrugna...
EUVD-2021-2296
Malware in sbrugna...
EUVD-2016-7729
Malware in sbrugna...
EUVD-2021-27876
Malicious code in bioql PyPI...
EUVD-2024-48903
Malicious code in bioql PyPI...
EUVD-2024-3263
Malicious code in bioql PyPI...
EUVD-2022-6245
Malicious code in bioql PyPI...
EUVD-2022-5930
Malicious code in bioql PyPI...
EUVD-2021-27899
Malicious code in bioql PyPI...
CVE-2025-51863
Self Cross Site Scripting XSS vulnerability in ChatGPT Unli ChatGPTUnli.com thru 2025-05-26 allows attackers to execute arbitrary code via a crafted SVG file to the chat interface...
PT-2025-30421 · Unknown · Chatgpt Unli
Name of the Vulnerable Software and Affected Versions: ChatGPT Unli versions through 2025-05-26 Description: A self cross-site scripting XSS issue exists in ChatGPT Unli that allows attackers to execute arbitrary code. The issue is triggered by a crafted SVG file submitted to the chat interface...
CVE-2025-51863
The CVE-2025-51863 issue is a Self-XSS vulnerability in ChatGPT Unli’s chat interface, exploitable via a crafted SVG file uploaded/submitted to the chat. The root cause is unsanitized SVG handling that allows arbitrary code execution, leading to cookie theft and potential remote account hijacking...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to uploaded SVG files containing scripts that, when rendered inline. It allows an attacker to execute malicious scripts in the context of the user’s browser...
CVE-2025-48378
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...
CVE-2025-48378
Consolidated evidence shows DNN (DotNetNuke) prior to specific versions is vulnerable to stored XSS via SVG uploads due to incomplete sanitization. CVE-2025-48378 (fixed in 9.13.9) describes that uploaded SVGs could contain scripts that execute when rendered inline. The connected advisories also ...
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...