5 matches found
CVE-2025-15064
The affected component is the Ultimate Member WordPress plugin. It is vulnerable in all versions up to 2.11.1 due to insufficient input sanitization and output escaping in the user description field, enabling Stored Cross-Site Scripting. Exploitation requires HTML support for user description to ...
CVE-2026-28343
CVE-2026-28343 applies to CKEditor 5 prior to 47.6.0, where the General HTML Support feature allows cross-site scripting (XSS) if an editor instance is configured with unsafe HTML support. The vulnerability arises from inserting specially crafted markup that can lead to unauthorized JavaScript ex...
PT-2026-23086
Name of the Vulnerable Software and Affected Versions: CKEditor 5 versions prior to 47.6.0. Description: CKEditor 5, a JavaScript rich-text editor, contains a cross-site scripting (XSS) issue within the General HTML Support feature. This issue arises from the insertion of specially crafted markup,...
Linux Distros Unpatched Vulnerability : CVE-2024-45613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the...
Open-Source Collaboration Framework: Dradis
Collaboration and reporting framework for InfoSec teams. Some of the features: platform independent; markup support for the notes (text styles, code blocks, images, links, etc.); integration with existing systems and tools: Brakeman, Burp Suite, MediaWiki, Metasploit, Nessus, NeXpose, Nikto, Nmap, OpenVAS...