28 matches found
UBUNTU-CVE-2026-47762
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...
CVE-2026-47761 TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media...
PT-2026-44390
Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.11.1; TinyMCE versions prior to 7.9.3; TinyMCE versions prior to 8.5.1. Description: A stored Cross-Site Scripting (XSS) issue exists in the media plugin. Attackers can inject malicious scripts using specially crafted...
WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions <= 5.11.1...
EUVD-2025-208353
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box WordPress plugin is affected by CVE-2025-14675 due to insufficient file path validation in the ajax_delete_file function, exposing all versions up to 5.11.1 to arbitrary file deletion. An authenticated attacker with Contributor-level access or higher can delete arbitrary files on the...
PT-2026-20841
Name of the Vulnerable Software and Affected Versions: SPIP Saisies plugin versions 5.4.0 through 5.11.0. Description: The 'Saisies pour formulaire' Saisies plugin for SPIP contains a critical Remote Code Execution (RCE) issue. An attacker can exploit this issue to execute arbitrary code on the server...
WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements (for Elementor) versions <= 5.11.0...
WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements (for Elementor) versions <= 5.11.0...
EUVD-2022-1514
Malicious code in bioql PyPI...
EUVD-2023-45471
Malicious code in bioql PyPI...
CVE-2022-0145
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2025-30966 WordPress WPJobBoard plugin < 5.11.1 - Path Traversal vulnerability
Path Traversal vulnerability in NotFound WPJobBoard allows Path Traversal. This issue affects WPJobBoard: from n/a through n/a...
CVE-2022-0153
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2024-54819
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php...
CVE-2024-41943 I, Librarian Stored XSS vulnerability in Item Summary
I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will...
CVE-2024-41943
CVE-2024-41943 affects I, Librarian (open-source PDF management SaaS). The issue is a Stored XSS: PDF notes displayed on the Item Summary page are not validated or sanitized, allowing an attacker to insert a payload in notes that executes when the page loads in a browser. Root cause: lack of inpu...
CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...
SQL injection
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/bannermessage-ajaxhelper.php...