9 matches found
CVE-2026-1466
Jirafeau normally prevents browser preview for text files because, for example, SVG and HTML documents could be exploited for cross-site scripting. This was done by storing the MIME type of a file and allowing browser preview only for MIME types beginning with image except for...
EUVD-2024-45929
Malicious code in bioql PyPI...
CVE-2024-52515
Nextcloud Server is a self-hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the referenced file exists, the preview of the SVG would show the other file instead. It is recommended...
Nextcloud Server 27.x < 27.1.10, 28.x < 28.0.6, 29.x < 29.0.1 Incomplete Sanitization Vulnerability
Nextcloud Server is prone to an incomplete sanitization vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2024-52515
The CVE-2024-52515 entry concerns Nextcloud Server where, after an admin enables the default-disabled SVG preview provider, a malicious user could upload an SVG file that references paths, causing the preview to render another file’s contents. Technical details across connected sources confirm th...
CVE-2024-52515 Nextcloud Server: incomplete sanitization of SVG files allows embedding other images into previews
Nextcloud Server is a self-hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the referenced file exists, the preview of the SVG would show the other file instead. It is recommended...
Nextcloud Security Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud that stems from a malicious user being able to upload a manipulated SVG file with a referenced path after an...
Umbraco CMS Injection Vulnerability
Umbraco CMS is a content management system from Umbraco, Denmark. An injection vulnerability exists in Umbraco CMS that stems from a remote code execution issue that may expose users to code execution risk when previewing SVG files in full-screen mode...
Improper access control in SVG preview generation - ownCloud
Improper access control in SVG preview generation may allow an authenticated attacker to gain access to other users’ images...