Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

EUVD
EUVDadded 2026/05/15 9:31 p.m.4 views

EUVD-2026-30662

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

7.4CVSS6AI score0.0001EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/03/10 12:0 a.m.1 views

PT-2026-24194

Name of the Vulnerable Software and Affected Versions Copyparty versions prior to 1.20.11 Description Copyparty’s nohtml configuration option, designed to block JavaScript execution in uploaded HTML files, did not extend to SVG images. A user with write access could upload an SVG file containing...

5.4CVSS6AI score0.00042EPSS
Exploits0References10
Tenable Nessus
Tenable Nessusadded 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-47759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free Asset and IT management software package. An technician can upload a SVG containing a malicious script. The script will then be executed when any...

6.7CVSS5AI score0.00679EPSS
Exploits0References2
NVD
NVDadded 2025/05/23 4:15 p.m.10 views

CVE-2025-48378

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1CVSS0.00055EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2023/09/08 12:0 a.m.4 views

PT-2023-27903 · Unknown · Matrix Media Repo

Name of the Vulnerable Software and Affected Versions: matrix-media-repo versions prior to 1.3.0 Description: The issue allows an attacker to upload malicious media to the media repository, which is then served with Content-Disposition: inline upon download. This can be leveraged to execute scrip...

5.4CVSS7.4AI score0.00623EPSS
Exploits0References13
Vulnrichment
Vulnrichmentadded 2022/09/23 7:55 a.m.4 views

CVE-2022-39239 nefly-ipx subject to Server-Side Request Forgery and Stored Cross-Site Scripting via Cache Poisoning and Improper Host Validation

netlify-ipx is an on-Demand image optimization for Netlify using ipx. In versions prior to 1.2.3, an attacker can bypass the source image domain allowlist by sending specially crafted headers, causing the handler to load and return arbitrary images. Because the response is cached globally, this...

6.1CVSS6.2AI score0.00179EPSS
Exploits0References1
Mozilla
Mozillaadded 2022/06/28 12:0 a.m.428 views

Security Vulnerabilities fixed in Firefox 102 — Mozilla

A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Linux. Other operating systems are unaffected. Session history navigations may...

9.8CVSS0.6AI score0.00645EPSS
Exploits0References25Affected Software1
Rows per page
Query Builder