CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-32127

Malicious code in bioql PyPI...

6.1CVSS7AI score0.0054EPSS

Exploits0References6

Tenable Nessus•added 2025/09/03 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...

6.1CVSS6.3AI score0.00978EPSS

Exploits1References2

RedhatCVE•added 2025/05/23 4:51 a.m.•6 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

6.1CVSS6.5AI score0.0054EPSS

Exploits0References1

OSV•added 2025/02/06 1:26 a.m.•2 views

USN-7258-1 ckeditor vulnerabilities

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

6.1CVSS6.4AI score0.3983EPSS

Exploits0References6

Cvelist•added 2024/07/15 6:21 p.m.•33 views

CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media

Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...

8.1CVSS0.00332EPSS

Exploits0References3

CNNVD•added 2024/07/15 12:0 a.m.•1 views

Plate Security Breach

Plate is a plugin system for Ziad Beyens individual developers to make it easier to build fully functional editors. Plate has a security vulnerability that stems from when the editor uses the MediaEmbedElement component and passes custom urlParsers via the useMediaState hook, if the custom parser...

8.1CVSS6AI score0.00332EPSS

Exploits0References4

Tenable Nessus•added 2023/11/07 12:0 a.m.•15 views

Fedora 39 : ckeditor (2023-426b3a500d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.0054EPSS

Exploits0References2

Tenable Nessus•added 2023/10/04 12:0 a.m.•14 views

Fedora 38 : ckeditor (2023-79b5902a52)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79b5902a52 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.0054EPSS

Exploits0References2

Tenable Nessus•added 2023/10/04 12:0 a.m.•18 views

Fedora 37 : ckeditor (2023-983ff03630)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-983ff03630 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.0054EPSS

Exploits0References2

BDU FSTEC•added 2023/09/07 12:0 a.m.•1 views

The vulnerability of the Iframe Dialog and Media Embed functions in CKEditor’s WYSIWYG editor allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Iframe Dialog and Media Embed functions in the CKEditor WYSIWYG editor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

6.4CVSS0.0054EPSS

Exploits0References6Affected Software1

OSV•added 2023/04/26 3:15 p.m.•0 views

UBUNTU-CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.1CVSS5.7AI score0.01831EPSS

Exploits0References3

OpenVAS•added 2023/03/28 12:0 a.m.•24 views

CKEditor 4.x < 4.21 XSS Vulnerability - Linux

CKEditor 4 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.2AI score0.0054EPSS

Exploits0References1

OSV•added 2023/03/22 9:15 p.m.•1 views

DEBIAN-CVE-2023-28439

6.1CVSS6.9AI score0.0054EPSS

Exploits0References1