Lucene search
K

5 matches found

OSV
OSV
added 2026/04/10 7:21 p.m.4 views

GHSA-W95V-4H65-J455 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary sanitization. When a victim opens a note containing a malicious...

8.7CVSS5.9AI score0.00306EPSS
Exploits1References3
Veracode
Veracode
added 2025/11/03 3:5 p.m.4 views

Cross-site Scripting (XSS)

@lobehub/cha is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to unsafe SVG rendering due to SVGRenderer using dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...

7.7CVSS6.1AI score0.00371EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/10/06 9:54 p.m.12 views

CVE-2025-61768

KUNO CMS prior to 1.3.15 is affected by an SSRF in the Media module via uploading specially crafted SVGs with external image references. A logged‑in administrator can trigger an outgoing connection to an arbitrary URL, enabling information disclosure or internal network probing. The issue is fixe...

5.1CVSS6.2AI score0.00313EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/06 9:54 p.m.14 views

CVE-2025-61768 Kuno CMS Vulnerable to Server-Side Request Forgery (SSRF) via Unsafe SVG Upload

KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF Server-Side Request Forgery vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external imag...

5.1CVSS0.00313EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-32294

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00213EPSS
Exploits1References2
Rows per page
Query Builder