PT-2026-46162

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device encrypts data using AES-CBC Advanced Encryption Standard in Cipher Block Chaining mode with static zero-filled Initialization Vectors IVs. This...

PT-2026-46891

SVG files are in the allowed extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Proble...

RockyLinux 10 : qt6-qtdeclarative (RLSA-2026:20567)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:20567 advisory. qt: Qt SVG: Arbitrary QML/JavaScript code injection via malicious SVG file CVE-2025-14576 Tenable has extracted the preceding description block directly from th...

CVE-2026-41569

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

Don't Trust Us: A Privacy-By-Design Android Malware Detection Pipeline

Android malware detection increasingly relies on collecting and processing sensitive user data, including device identifiers, network artifacts, and runtime traces, while privacy is too often treated as a secondary concern. Existing privacy-aware approaches typically enforce privacy after data...

PT-2026-45878

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol MCP server integration improperly resolves $VAR placeholders against the server's process.env...

Linux Distros Unpatched Vulnerability : CVE-2026-45729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - thorvg - Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in...

PT-2026-46693

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in SVG allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is the ability to execute scripts across different origins, by usin...

PT-2026-46709

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in SVG allows a remote attacker to leak cross-origin data, which is information from a different origin than the one that initiated the request, by using...

CVE-2026-45729

A flaw was found in Thor Vector Graphics ThorVG, a vector graphics engine. A remote attacker could exploit this vulnerability by providing untrusted SVG Scalable Vector Graphics data. This could lead to a denial of service DoS, causing the application to crash and become unavailable. The...

CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-45729 ThorVG: Null pointer dereference in SVG loader causes crash via 6-byte malformed input

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

EUVD-2026-33722

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVE-2026-45729

Thor Vector Graphics (ThorVG) prior to 1.0.5 is affected by a NULL pointer dereference in SvgLoader::run() when untrusted SVG data is passed to Picture::load(), potentially crashing the process with a small payload. The issue, ratedCVSS 3.1: 4.3 (Medium) with network attack vector, requires user ...

CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

Eclipse Jetty ConcatServlet - Information Disclosure

Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

CVE-2026-48208

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...