EUVD-2021-1044

Malware in sbrugna...

EUVD-2018-10889

Malware in sbrugna...

EUVD-2025-26646

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-31175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CVE-2025-58064

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-clipboard is a Clipboard integration feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the viewToPlainText function in the utils/viewtoplaintext.ts file. An attacker can execute unauthorized JavaScript code by...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...

CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...

PT-2025-35839

Name of the Vulnerable Software and Affected Versions: ckeditor5 versions 44.2.0 through 45.2.1 ckeditor5 versions 46.0.0 through 46.0.2 ckeditor5-clipboard versions 44.2.0 through 45.2.1 ckeditor5-clipboard versions 46.0.0 through 46.0.2 Description: CKEditor 5 is a modern JavaScript rich-text...

The vulnerability of the General HTML Support function (GHS) and the HTML embed panel in the Block Toolbar of the CKEditor editor allows attackers to execute XSS attacks.

The vulnerability of the General HTML Support function and the HTML embed panel in the Block Toolbar WYSIWYG-editor CKEditor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to carry out XSS attacks remotely...

GHSA-RGG8-G5X8-WR9V Cross-site scripting (XSS) in the clipboard package

Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious...

CVE-2024-45613

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting XSS vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...

CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting XSS vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...

PT-2024-31709 · Unknown · Ckeditor 5

Name of the Vulnerable Software and Affected Versions: CKEditor 5 versions 40.0.0 through 43.1.1 Description: A Cross-Site Scripting XSS issue is present in the CKEditor 5 clipboard package, which could be triggered by a specific user action, leading to unauthorized JavaScript code execution if a...

CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...

CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability

Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

2read-ckeditor5-custom-build (>=25.0.0 <=25.1.2), @8trhieu/ckeditor5-build-classic-custom (>=0.0.1 <=0.0.5) +213 more potentially affected by CVE-2022-31175 via @ckeditor/ckeditor5-html-embed (>=0.0.0-internal-20241017.0 <=34.2.0)

@ckeditor/ckeditor5-html-embed NPM version =0.0.0-internal-20241017.0, =25.0.0, =0.0.1, =1.0.7, =34.1.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0,...