Chromium: CVE-2026-7906 Use after free in SVG

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Astra Linux – Vulnerability in Firefox

The SVG element could have been used to load unexpected content that might execute scripts under certain circumstances. Although the specification appears to allow this, other browsers do not do so. Web developers relied on this property for script security, so Gecko’s implementation was aligned...

Astra Linux – Vulnerability in Firefox

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...

Astra Linux – Vulnerability in Firefox

tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...

Mozilla Thunderbird < 52.8

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-13 advisory. - Mozilla developers backported selected changes in the Skia library. These changes correct memory corrupti...

EUVD-2010-3803

Malware in sbrugna...

EUVD-2011-2340

Malware in sbrugna...

EUVD-2011-0498

Malware in sbrugna...

EUVD-2022-37430

Malicious code in bioql PyPI...

EUVD-2022-37428

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2010-3824

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote...

CVE-2022-34475

SVG tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

SUSE CVE-2010-1403

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service application cra...

SUSE CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

SUSE CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

SUSE CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...