CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

EUVD-2025-206441

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

Drupal CKEditor 5 Premium Features: Security Vulnerabilities

Drupal CKEditor 5 Premium Features is an editor extension module within the Drupal community. There are security vulnerabilities in Drupal CKEditor 5 Premium Features, which stem from using alternative paths or channels to bypass authentication, potentially leading to functionality bypasses. The...

EUVD-2024-51459

Malicious code in bioql PyPI...

CVE-2024-13245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting XSS.This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1...

CVE-2024-13245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting XSS.This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1...

Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal CKEditor (CVE-2021-26271, CVE-2021-26272)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2021-26271 DESCRIPTION: CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the Advanced Tab for Dialogs plugin. By persuading a victim t...

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2020-27193)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-27193 DESCRIPTION: CKSource CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Color Button dialog. A remote attacker could exploit thi...

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2021-33829)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33829 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious...