101 matches found

Vulnrichment
added 3 days ago, 5 views

CVE-2026-48208 Denial-of-Service via SVG Rendering in Ticket

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

CVSS 6.5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 1

CVE
added 3 days ago, 20 views

CVE-2026-48208

The CVE concerns an improper neutralization of active SVG content in OTRS/OTRS Community Edition ticket article rendering, allowing an attacker to inject crafted SVGs via email content that triggers browser-side resource exhaustion and DoS when tickets are opened. It is exploitable without JavaSc...

CVSS 6.5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 6 views

Astra Linux - vulnerability in qt4-x11, qtbase-opensource-src

An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

CVSS 7.5 | AI score 7.3 | EPSS 0.00085
Exploits: 0 | References: 2

Cvelist
added 2026/05/11 9:42 p.m., 26 views

CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

CVSS 9.3 | EPSS 0.00044
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/06 11:59 a.m., 2 views

CVE-2026-6210

A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker without verifying the node type. A non-marker element such as a...

CVSS 8.7 | AI score 5.8 | EPSS 0.00055
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/25 4:30 p.m., 0 views

CVE-2026-20719 DoS via URL Previews Rendering Malicious SVGs

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds, which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...

CVSS 4.3 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 1

CVE
added 2026/03/25 4:30 p.m., 8 views

CVE-2026-20719

Mattermost contains a DoS vulnerability (CVE-2026-20719) in rendering external SVGs within link embeds. Affected versions are Mattermost 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, and 10.11.x

CVSS 7.5 | AI score 5.8 | EPSS 0.00072
Exploits: 0 | References: 1 | Affected Software: 1

GitLab Advisory Database
added 2026/02/25 12:00 a.m., 7 views

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVSS 6.1 | AI score 5.5 | EPSS 0.00014
Exploits: 1 | References: 8 | Affected Software: 1

OSV
added 2026/01/16 5:16 a.m., 1 view

CVE-2026-0858

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to...

CVSS 5.1 | AI score 6.2
Exploits: 0 | References: 3

OSV
added 2026/01/12 10:14 p.m., 1 view

CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

CVSS 8 | AI score 5.4 | EPSS 0.00071
Exploits: 2 | References: 3

CNNVD
added 2026/01/12 12:00 a.m., 1 view

Termix security vulnerability

Termix is a server management platform for Karmaa individual developers. A security vulnerability exists in Termix versions 1.7.0 through 1.9.0, which stems from a file manager component that does not clean up the contents of SVG files before rendering them, which could lead to a stored cross-sit...

CVSS 8 | AI score 5.6 | EPSS 0.00071
Exploits: 2 | References: 1

OSV
added 2025/12/19 8:15 a.m., 0 views

CVE-2025-66520

A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

CVSS 5.4 | AI score 5.7
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 12:28 a.m., 1 view

CVE-2025-66470

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to an XSS vulnerability through the ui.interactiveimage component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or...

CVSS 6.1 | AI score 6 | EPSS 0.0001
Exploits: 2 | References: 1

RedHat Linux
added 2025/12/01 8:51 a.m., 4 views

Moderate: Red Hat Security Advisory: qt6-qtsvg security update

An update for qt6-qtsvg is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 9.4 | AI score 7.3 | EPSS 0.00009
Exploits: 0 | References: 2

Tenable Nessus
added 2025/11/18 12:00 a.m., 2 views

Mozilla Firefox < 60.0.2

The version of Firefox installed on the remote Windows host is prior to 60.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-14 advisory. - A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted SVG file with...

CVSS 8.8 | AI score 8.7 | EPSS 0.41185
Exploits: 1 | References: 2

Veracode
added 2025/11/03 3:05 p.m., 2 views

Cross-site Scripting (XSS)

@lobehub/cha is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by unsafe SVG rendering: SVGRenderer uses dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...

CVSS 7.7 | AI score 6.1 | EPSS 0.00163
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2011-1126

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.0187
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-17840

Malware in sbrugna...

CVSS 6.5 | AI score 7.9 | EPSS 0.00692
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-14216

Malware in sbrugna...

CVSS 5.3 | AI score 7.1 | EPSS 0.00325
Exploits: 0 | References: 11

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-16781

Malware in sbrugna...

CVSS 7.5 | AI score 8.4 | EPSS 0.01719
Exploits: 1 | References: 8