Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:includ
A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulat
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded
The '/api/v1/files/images/{flow_id}/{file_name}' endpoint serves SVG files with the 'image/svg+xml' content type without sanitizing their content. Since SVG files can contain embedded JavaScript, an
A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Pe
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the
A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argum
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script t
CVE-2024-6581
CRITICAL CVSS 9.0
Find Similar
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this c
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument File
A stored cross-site scripting (XSS) vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud (pdfonline.foxit.com). User-supplied SVG files are not properly sanitized or validated b
A vulnerability classified as problematic was found in Grocy up to 4.2.0. This vulnerability affects unknown code of the file /api/files/recipepictures/ of the component SVG File Upload Handler. The m
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to saniti
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo t
Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious
A local file inclusion vulnerability was identified in automatic1111/stable-diffusion-webui, affecting version git 82a973c. This vulnerability allows an attacker to read arbitrary files on the system
A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG (Scalable Vector Graphics) CSS (Cascading Style Sheets) data. A local us
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitizat
Page 1+ Next →