1054 matches found
EUVD-2025-206441
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...
CVE-2025-13980
CVE-2025-13980 is an authentication bypass in Drupal CKEditor 5 Premium Features. Affected versions include CKEditor 5 Premium Features before 1.2.10, 1.3.0 before 1.3.6, 1.4.0 before 1.4.3, 1.5.0 before 1.5.1, and 1.6.0 before 1.6.4. The root cause is an authentication bypass via an alternate pa...
CVE-2025-13980
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...
PT-2026-5199
Name of the Vulnerable Software and Affected Versions Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9 Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5 Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2 Drupal CKEditor 5 Premium Features versions 1.5.0...
Drupal CKEditor 5 Premium Features: Security Vulnerabilities
Drupal CKEditor 5 Premium Features is an editor extension module within the Drupal community. There are security vulnerabilities in Drupal CKEditor 5 Premium Features, which stem from using alternative paths or channels to bypass authentication, potentially leading to functionality bypasses. The...
org.webjars.npm:chevrotain (=11.0.3), org.webjars.npm:chevrotain__cst-dts-gen (=11.0.3) +71 more potentially affected by CVE-2025-13465 via org.webjars.npm:lodash-es (=4.17.21)
org.webjars.npm:lodash-es MAVEN version =4.17.21 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:lodash-es and may be impacted: - org.webjars.npm:chevrotain =11.0.3 - org.webjars.npm:chevrotaincst-dts-gen =11.0.3 -...
CVE-2023-31541
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...
CVE-2020-23044
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x, CKEditor and CKEditorFuncNum parameters...
CVE-2021-41164
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...
DRUPAL-CONTRIB-2025-118
The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...
CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
CKEditor <= 46.1.0 Reflected XSS Vulnerability
CKEditor 5 is prone to a reflected cross-site scripting XSS vulnerability when used with Angular. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Linux Distros Unpatched Vulnerability : CVE-2025-61261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's...
CVE-2025-61261
A reflected cross-site scripting XSS vulnerability has been identified in CKeditor allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
EUVD-2025-38297
A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2025-61261
A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2025-61261
A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...