Lucene search
K

2084 matches found

RedhatCVE
RedhatCVE
added 2026/06/07 5:8 a.m.10 views

CVE-2026-11180

A policy bypass flaw was found in the SVG component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502631225...

7.4CVSS5.4AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/07 5:7 a.m.9 views

CVE-2026-11166

An inappropriate implementation flaw was found in the SVG component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502118936...

8.1CVSS5.4AI score0.00205EPSS
Exploits0References5
OSV
OSV
added 2026/06/05 8:9 p.m.8 views

GHSA-MH5M-5HW4-5C69 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00191EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.11 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS5.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.11 views

CVE-2026-49102

Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type e.g., text/plain...

6.1CVSS5.4AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4054

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG file served from an attacker-controlled origin under a non-SVG Content-Type header e.g. image/png...

6.5CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.16 views

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.7AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-39311

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...

6.8CVSS6.3AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.10 views

CVE-2026-35608

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

6.1CVSS5.4AI score0.00187EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.9 views

Chromium: CVE-2026-11180 Policy bypass in SVG

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.4AI score0.00229EPSS
Exploits0
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34643

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00247EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.13 views

EUVD-2026-34641

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00229EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 11:17 p.m.10 views

CVE-2026-11182

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:17 p.m.11 views

CVE-2026-11180

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00229EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.7 views

DEBIAN-CVE-2026-11180

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11182

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00247EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.9 views

CVE-2026-11180

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00229EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 11:5 p.m.27 views

CVE-2026-11180

CVE-2026-11180 describes an insecure SVG handling in Google Chrome before version 149.0.7827.53, where an improper implementation could allow a remote attacker to leak cross-origin data via a crafted HTML page. The impact is data disclosure with network access as the attack vector, and user inter...

6.5CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 11:5 p.m.7 views

CVE-2026-11180

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11166

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6.8CVSS5.6AI score0.00205EPSS
Exploits0
Rows per page
Query Builder