CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/04 7:41 a.m.•19 views

CVE-2025-15064 Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets

6.4CVSS0.00012EPSS

ATTACKERKB•added 2026/04/04 7:41 a.m.•4 views

CVE-2025-15064

6.4CVSS6.1AI score0.00012EPSS

Tenable Nessus•added 2026/03/09 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS...

6.4CVSS5.7AI score0.00049EPSS

RedhatCVE•added 2026/03/05 9:49 p.m.•5 views

CVE-2026-28343

A flaw was found in CKEditor. This cross-site scripting XSS vulnerability in the General HTML Support feature allows an attacker to execute unauthorized JavaScript code. This can occur by inserting specially crafted markup if the editor instance is configured with unsafe General HTML Support...

NVD•added 2026/03/05 8:16 p.m.•3 views

CVE-2026-28343

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS0.00049EPSS

UbuntuCve•added 2026/03/05 8:16 p.m.•1 views

CVE-2026-28343

6.4CVSS5.7AI score0.00049EPSS

OSV•added 2026/03/05 8:16 p.m.•3 views

UBUNTU-CVE-2026-28343

Cvelist•added 2026/03/05 7:42 p.m.•32 views

Exploits0References4

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

6.4CVSS0.00049EPSS

OSV•added 2026/03/05 7:42 p.m.•1 views

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

Vulnrichment•added 2026/03/05 7:42 p.m.•1 views

Exploits0References5

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

ATTACKERKB•added 2026/03/05 7:42 p.m.•2 views

CVE-2026-28343

Exploits0References4Affected Software1

CNNVD•added 2026/03/05 12:0 a.m.•2 views

CKEditor 跨站脚本漏洞

CKEditor is an open-source enterprise-level WYSIWYG editor developed by CKEditor. Versions of CKEditor prior to 47.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the General HTML Support feature, which allowed cross-site scripting, potentially enabling the...

vulnersOsv•added 2026/03/04 6:49 p.m.•10 views

Exploits0References4

@_sh/strapi-plugin-ckeditor (>=7.0.0 <=7.1.0), @ckeditor/ckeditor5-adapter-ckfinder (>=47.0.0 <=47.6.0-alpha.9) +94 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-html-support (>=47.0.0-alpha.0 <=47.6.0-alpha.9)

@ckeditor/ckeditor5-html-support NPM version =47.0.0-alpha.0, =7.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.6.0-alpha.9 and more Source cves: CVE-2026-28343 Source advisory:...

Snyk•added 2026/03/04 6:49 p.m.•2 views

Exploits0

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-engine is a The editing engine of CKEditor 5 – the best browser-based rich text editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS via its unsafe htmlSupport configuration. An attacker can execute unauthorized JavaScript in the editor...

OSV•added 2026/03/04 6:49 p.m.•1 views

GHSA-JRQM-VMQC-GM93 CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package

Impact A Cross-Site Scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support...

6.4CVSS6AI score0.00049EPSS

Exploits0References5

Snyk•added 2026/03/04 6:49 p.m.•3 views

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-html-support is a HTML Support feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via its unsafe htmlSupport configuration. An attacker can execute unauthorized JavaScript in the editor context by inserting specially...

Tenable Nessus•added 2025/09/10 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2022-31175

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions...

5.8CVSS5.9AI score0.00839EPSS