
15 matches found

EUVD
added 2026/06/05 8:29 p.m. | 9 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

CVSS: 8.7 | AI score: 5.4 | EPSS: 0.00196
Exploits: 0 | References: 4

OSV
added 2026/05/28 4:16 p.m. | 8 views

UBUNTU-CVE-2026-47759

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00209
Exploits: 0 | References: 5

ATTACKERKB
added 2026/05/28 3:21 p.m. | 14 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00197
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/05/28 3:21 p.m. | 10 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00197
Exploits: 0 | References: 3

CVE
added 2026/05/28 3:20 p.m. | 45 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00196
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/05/28 12:0 a.m. | 9 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00197
Exploits: 0 | References: 13

Snyk
added 2022/05/24 5:7 p.m. | 4 views

Cross-site Request Forgery (CSRF)

Overview UmbracoCms is a package that installs Umbraco Cms in your Visual Studio ASP.NET project Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF which allows an attacker to perform arbitrary web requests with the identity of the victim, e.g. in order to...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.01036
Exploits: 2 | References: 2

OSV
added 2021/03/23 9:15 p.m. | 3 views

CVE-2021-28817

The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00251
Exploits: 0 | References: 1

CNVD
added 2018/08/31 12:0 a.m. | 3 views

CA Unified Infrastructure Management Hardcoded Key Vulnerability

CA Unified Infrastructure Management is a powerful unified IT monitoring solution that helps organizations deliver reliable, flexible IT services. A hard-coded key vulnerability exists in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, which can be exploited by an attacker to access...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01383
Exploits: 0 | References: 1

CNVD
added 2018/01/22 12:0 a.m. | 4 views

Unspecified Vulnerability in Oracle Hospitality Reporting and Analytics Component (CNVD-2018-01713)

Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resources cost management, provide customer service throughout the journey tracking management to improve customer...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.0084
Exploits: 0 | References: 1

Vulnrichment
added 2018/01/18 2:0 a.m. | 4 views

CVE-2018-2669

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: Report. Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

AI score: 5.5 | EPSS: 0.0084
Exploits: 0 | References: 2

OSV
added 2017/08/29 9:29 p.m. | 5 views

CVE-2016-2966

IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to enumerate meeting rooms by guessing the meeting room id. IBM X-Force ID: 113847...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01234
Exploits: 0 | References: 3

CNVD
added 2017/08/02 12:0 a.m. | 3 views

Oracle Hospitality Inventory Management Remote Vulnerability

Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hotel management from Oracle Corporation. The solution provides human resources cost management, provide customers with the entire journey to track the management of services to improve custome...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.01154
Exploits: 4 | References: 1

CNVD
added 2015/12/09 12:0 a.m. | 4 views

Cisco WebEx Meetings for Android Access Bypass Vulnerability

Cisco WebEx Meetings for Android are a set of web-based online meeting applications for the WebEx Meetings solution from Cisco USA based on the Android platform. A security vulnerability exists in Cisco WebEx Meetings for Android versions prior to 8.5.1, which can be exploited by an attacker to...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.01513
Exploits: 0 | References: 1

ATTACKERKB
added 2013/07/17 1:41 p.m. | 2 views

CVE-2013-3821

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality and availability via unknown vectors related to Integration Broker...

CVSS: 6.4 | AI score: 5.5 | EPSS: 0.03525
Exploits: 1 | References: 6