Lucene search
K

1054 matches found

EUVD
EUVD
added 2026/01/28 8:1 p.m.6 views

EUVD-2025-206441

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.3CVSS5.9AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/01/28 8:1 p.m.14 views

CVE-2025-13980

CVE-2025-13980 is an authentication bypass in Drupal CKEditor 5 Premium Features. Affected versions include CKEditor 5 Premium Features before 1.2.10, 1.3.0 before 1.3.6, 1.4.0 before 1.4.3, 1.5.0 before 1.5.1, and 1.6.0 before 1.6.4. The root cause is an authentication bypass via an alternate pa...

5.3CVSS5.9AI score0.00234EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:1 p.m.4 views

CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.9AI score0.00234EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.4 views

PT-2026-5199

Name of the Vulnerable Software and Affected Versions Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9 Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5 Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2 Drupal CKEditor 5 Premium Features versions 1.5.0...

5.3CVSS5.4AI score0.00234EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Drupal CKEditor 5 Premium Features: Security Vulnerabilities

Drupal CKEditor 5 Premium Features is an editor extension module within the Drupal community. There are security vulnerabilities in Drupal CKEditor 5 Premium Features, which stem from using alternative paths or channels to bypass authentication, potentially leading to functionality bypasses. The...

5.3CVSS5.8AI score0.00234EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/21 11:1 p.m.11 views

org.webjars.npm:chevrotain (=11.0.3), org.webjars.npm:chevrotain__cst-dts-gen (=11.0.3) +71 more potentially affected by CVE-2025-13465 via org.webjars.npm:lodash-es (=4.17.21)

org.webjars.npm:lodash-es MAVEN version =4.17.21 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:lodash-es and may be impacted: - org.webjars.npm:chevrotain =11.0.3 - org.webjars.npm:chevrotaincst-dts-gen =11.0.3 -...

8.2CVSS6.6AI score0.01535EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 12:33 p.m.6 views

CVE-2023-31541

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...

9.8CVSS7.2AI score0.01419EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:54 a.m.11 views

CVE-2020-23044

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x, CKEditor and CKEditorFuncNum parameters...

5.4CVSS6.4AI score0.00562EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.9 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.2AI score0.01257EPSS
Exploits0References1
OSV
OSV
added 2025/12/03 6:48 p.m.27 views

DRUPAL-CONTRIB-2025-118

The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...

5.3CVSS6.7AI score0.00234EPSS
Exploits0References1
Drupal
Drupal
added 2025/12/03 12:0 a.m.14 views

CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118

The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...

5.3CVSS5.6AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.5 views

CVE-2025-65840

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...

8.8CVSS6.9AI score0.0015EPSS
Exploits1References1
NVD
NVD
added 2025/12/01 9:15 p.m.3 views

CVE-2025-65840

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...

8.8CVSS0.0015EPSS
Exploits1References2
OSV
OSV
added 2025/12/01 12:0 a.m.5 views

CVE-2025-65840

PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...

8.8CVSS6.8AI score0.0015EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2025/11/14 12:0 a.m.13 views

CKEditor <= 46.1.0 Reflected XSS Vulnerability

CKEditor 5 is prone to a reflected cross-site scripting XSS vulnerability when used with Angular. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

5.4CVSS6AI score0.0026EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-61261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's...

5.4CVSS6.3AI score0.0026EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/11/12 9:28 a.m.4 views

CVE-2025-61261

A reflected cross-site scripting XSS vulnerability has been identified in CKeditor allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

5.4CVSS6.1AI score0.0026EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/07 9:31 p.m.4 views

EUVD-2025-38297

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

5.4CVSS5.8AI score0.0026EPSS
Exploits1References4
NVD
NVD
added 2025/11/07 7:16 p.m.4 views

CVE-2025-61261

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

5.4CVSS0.0026EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2025/11/07 7:16 p.m.4 views

CVE-2025-61261

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

5.4CVSS6.1AI score0.0026EPSS
Exploits1References3
Rows per page
Query Builder