EUVD-2023-32127

Malicious code in bioql PyPI...

EUVD-2022-29580

Malicious code in bioql PyPI...

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

Linux Distros Unpatched Vulnerability : CVE-2021-41164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affe...

CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2023-4771 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2023-4771 Source advisory: OSV:GHSA-WH5W-82F3-WRXH...

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2024-24815 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24815 Source advisory: OSV:GHSA-FQ6H-4G8V-QQVM...

CVE-2022-24728 Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

Regular Expression Denial Of Service (ReDoS)

ckeditor4 is vulnerable to regular expression denial of service. An insecure usage of the regular expression allows an attacker to crash the user's browser through excessive memory consumption by tricking a user into pasting a malicious text into the Styles input in the Advanced Tab for Dialogs...