CVE-2026-50873

An arbitrary file upload vulnerability in the attachment handling component of flatnotes v5.5.4 allows attackers to execute arbitrary code via uploading a crafted HTML or SVG file...

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

PT-2026-46891

SVG files are in the allowed extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Proble...

CVE-2026-47119

CVE-2026-47119 concerns Agent Zero before version 1.15, which is affected by a stored XSS via the image_get API endpoint. The vulnerability arises when SVG files are served without proper headers (no Content-Security-Policy, X-Content-Type-Options, or Content-Disposition), allowing an attacker to...

CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

CVE-2026-45314

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the channel webhook create/update flow accepts arbitrary profileimageurl values, including data:image/svg+xml;base64,... payloads. The profile image endpoint then decodes and serves...

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

PT-2026-41940

Name of the Vulnerable Software and Affected Versions scalar/astro version 0.1.13 Description An arbitrary file upload issue exists in the Scalar Proxy endpoint via the scalar url query parameter. This allows attackers to execute arbitrary code by uploading a specially crafted SVG file Scalable...

CVE-2026-30117

scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2026-46360

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 had a cross-site scripting vulnerability. This vulnerability stemmed from a recursive entity decoding limit of 5 times in SvgSanitizer::decodeAllEntities, allowing users with...

PT-2026-41162

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The profile image url field on the user profile update form accepts arbitrary data: URI values without MIME-type validation, leading to Cross-Site Scripting XSS. This occurs because the applicatio...

PT-2026-40764

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-016796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016796 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the GET /public/api/resources/download endpoint when serving SVG files without a proper Content Security Policy header. An attacker can execute arbitrary JavaScript in the context of users' browsers by...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVE-2026-34974

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes...

CVE-2026-29924

Grav CMS v1.7.x and before is vulnerable to XML External Entity XXE through the SVG file upload functionality in the admin panel and File Manager plugin...

CVE-2026-29924

Grav CMS v1.7.x and before is vulnerable to XML External Entity XXE through the SVG file upload functionality in the admin panel and File Manager plugin...

CVE-2026-25100

Bludit- CVE-2026-25100: Stored XSS in image upload. An authenticated attacker with content-upload privileges (Author/Editor/Administrator) can upload an SVG payload; the payload executes when a victim visits the uploaded resource URL. The resource is accessible without authentication. Affected: a...