10 matches found

vulnersOsv
added 2025/10/16 6:41 p.m., 2 views

@jhoward1994/strapi-plugin-ckeditor (>=0.0.1 <=0.0.1-rc5), @strapi/admin (=0.0.0-experimental.6dbac0c205b0f8495781db5706c18cac1a62e62b) +3 more potentially affected by CVE-2025-25298 via @strapi/core (>=0.0.0-experimental.a13c58eec89ab119f0e381fb79c0252979e9c125 <=5.10.2)

@strapi/core NPM version =0.0.0-experimental.a13c58eec89ab119f0e381fb79c0252979e9c125, =0.0.1, =0.0.0-experimental.0af49f5c5ec496b0fad61ac9bfd4d0127b89d8d3, =5.10.2 - custom-strapi-plugin-socket =1.0.2 Source cves: CVE-2025-25298 Source advisory: OSV:GHSA-2CJV-6WG9-F4F3...

CVSS 6.3, AI score 5.8, EPSS 0.00046
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2014-5089

Malware in sbrugna...

CVSS 4.3, AI score 6.1, EPSS 0.00359
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-2129

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.2, EPSS 0.00625
Exploits: 0, References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-41459

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.6, EPSS 0.00801
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-9440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME...

CVSS 6.1, AI score 6.6, EPSS 0.00485
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 8:57 a.m., 3 views

CVE-2024-45400

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...

CVSS 6.1, AI score 7, EPSS 0.00801
Exploits: 0, References: 1

Positive Technologies
added 2025/01/14 12:0 a.m., 2 views

PT-2025-4772 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.2 XWiki Platform versions prior to 16.4.1 XWiki Platform versions prior to 16.6.0-rc-1 Description: A user with only edit right can join a realtime editing session where others have script or programming...

CVSS 9, AI score 7.4, EPSS 0.02191
Exploits: 0, References: 11

Positive Technologies
added 2024/07/31 12:0 a.m., 1 view

PT-2024-38271 · Ckeditor +1 · Ckeditor +1

Name of the Vulnerable Software and Affected Versions: YouDianCMS version 7 Description: A critical issue was found in an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image upload.php. The manipulation of the files argument leads to unrestricted upload. It is possible ...

CVSS 9.8, AI score 6.6, EPSS 0.00141
Exploits: 1, References: 8

CVE
added 2024/06/14 5:17 p.m., 56 views

CVE-2024-37888

The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin’s open link functionality. Remediation per source...

CVSS 6.1, AI score 6.3, EPSS 0.20643
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/04/19 5:0 p.m., 19 views

CVE-2018-9861

Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...

AI score 6.3, EPSS 0.00369
Exploits: 0, References: 4