GHSA-c43v-4cr8-6mvp: Craft CMS has authenticated path traversal in `assets/icon`, allowing local `.svg` file read
An authenticated path traversal vulnerability exists in Craft CMS in the assets/icon endpoint, allowing local .svg file read by manipulating the extension parameter. The issue arises because file…
Read the full articleYou might also wanna read
CVE-2026-48800 Bypass: Path Traversal Vulnerability Discovered in Notepad++ v8.9.6.1
## Vulnerability Summary **Product**: Notepad++ v8.9.6.1 (latest patched version) **Type**: CWE-42 (Path Traversal) / CWE-59 (Improper Link
Vulnerability in Helm Charts Allows Local Code Execution Through Crafted Files
A Helm contributor discovered that a specially crafted `Chart.yaml` file along with a specially linked `Chart.lock` file can lead to local c
SVG Clickjacking: A New Technique for Advanced Interactive Attacks and Data Exfiltration
A novel and powerful twist on an old classic.
Adobe Acrobat Reader CVE: Active exploitation via prototype pollution
Adobe Acrobat vulnerability CVE-2026-34621 is being actively exploited through malicious PDFs. Learn how this prototype pollution attack wor
Scratch's ongoing security challenges with SVG sanitization
Scratch has a long history of SVG-related vulnerabilities. The source of these is that Scratch parses user-generated (ie. attacker-controlle
Exploring the Underutilized Potential of SVG Vector Graphics
SVGs are pretty cool - vector graphics in a simple XML format. They are supported on just about every device and platform, are crisp on ever

Comments
Sign in to join the conversation.
No comments yet. Be the first.