Lucene search
K

9 matches found

NVD
NVD
added 2026/03/08 4:16 p.m.8 views

CVE-2026-3749

A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a manipulation can lead to unrestricted upload. The...

8.8CVSS0.00422EPSS
Exploits1References9
Snyk
Snyk
added 2025/11/06 4:47 p.m.8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload, create, and rename features for files with HTML and SVG types, due to insufficient content-type validation and lack of output sanitization. An attacker can execute arbitrary scripts in the contex...

8.1CVSS5.5AI score0.00361EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-19882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.14.0, the svgrunimage function in svg/svg-run.c allows remote attackers to cause a denial of service hrefatt NULL pointer dereference and...

5.5CVSS5.6AI score0.01425EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/25 12:0 a.m.6 views

OpenCart 安全漏洞

OpenCart is an open source e-commerce system by the OpenCart team in China. The system provides modules for product reviews, product ratings, and product additions. A security vulnerability exists in OpenCart version 4.1.0.4, which stems from an unvalidated SVG file that could lead to stored...

6.1CVSS6AI score0.00246EPSS
Exploits1References2
OSV
OSV
added 2024/07/24 11:15 a.m.2 views

CVE-2024-6896

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.96.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS5.9AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.3 views

PT-2023-9698 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.10 Nextcloud Server versions prior to 28.0.6 Nextcloud Server versions prior to 29.0.1 Nextcloud Enterprise Server versions prior to 24.0.12.15 Nextcloud Enterprise Server versions prior to 25.0.13.10...

6.8CVSS7.1AI score0.00652EPSS
Exploits0References11
OSV
OSV
added 2022/06/14 3:15 a.m.2 views

CVE-2022-31447

An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...

7.5CVSS5.8AI score0.01172EPSS
Exploits1References2
PyPA
PyPA
added 2020/11/11 4:15 p.m.4 views

PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

8.7CVSS7AI score0.01725EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2004/02/08 5:0 a.m.21 views

CVE-2004-1244

Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large 1 width or 2 height values, aka the "PNG Processing Vulnerability."...

7.5CVSS7.5AI score0.33199EPSS
Exploits0References7
Rows per page
Query Builder