EUVD-2026-6080

A vulnerability has been found in kalcaddle kodbox up to 1.64.05. The impacted element is the function run of the file plugins/fileThumb/lib/VideoResize.class.php of the component Media File Preview Plugin. Such manipulation of the argument localFile leads to os command injection. The attack can ...

CVE-2026-2560

Affected software.�a0 kalcaddle kodbox (up to 1.64.05) and specifically the Media File Preview Plugin, vulnerable via the function run in plugins/fileThumb/lib/VideoResize.class.php. Root cause.�a0 Manipulation of the localFile argument leads to an OS command injection. Impact.�a0 Remote attacker...

CVE-2025-52738

The CVE-2025-52738 entry covers a Missing Authorization vulnerability in the Wikimedia Foundation Wikipedia Preview WordPress plugin. Affected product: WordPress Wikipedia Preview plugin up to version 1.15.0. Root cause: incorrectly configured access control security levels leading to Broken Acce...

@avorati/strapi-plugin-preview (=1.0.1), @catchmexz/fedin-cms (>=5.30.1 <=5.30.2) +26 more potentially affected by CVE-2024-56143 via @strapi/core (>=5.0.0 <=5.5.1)

@strapi/core NPM version =5.0.0, =5.30.1, =1.0.0, =2.3.1, =2.0.2, =0.1.0, =2.0.0, =1.0.1, =5.0.0, =0.1.0, =0.2.0, =0.5.0 - cypherscan-strapi =0.1.1 - keycloak-auth-plugin =0.0.1 - my-shopify-app-backend =0.1.0 and more Source cves: CVE-2024-56143 Source advisory: SNYK:JS-STRAPICORE-13601313...

EUVD-2014-4521

Malware in sbrugna...

EUVD-2017-9152

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-5191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via...

WordPress Wikipedia Preview plugin <= 1.15.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Wikipedia Preview versions = 1.15.0...

WordPress plugin Live Preview for Contact Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin RSV PDF Preview 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

WordPress RSV PDF Preview plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin RSV PDF Preview versions = 1.0...

The Preview plugin in CKEditor allows Cross-site scripting (XSS)

Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

GHSA-V27H-J97P-WQMX The Preview plugin in CKEditor allows Cross-site scripting (XSS)

Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2020-15138

Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism =v1.1.0 that use the Previewers plugin...

Security Bulletin: IBM OpenPages GRC Platform is affected by CKEditor (Preview Plugin) vulnerability (CVE-2014-5191)

Summary IBM OpenPages GRC Platform has addressed CKEditor Preview Plugin vulnerability CVE-2014-5191 Vulnerability Details CVEID: CVE-2014-5191 DESCRIPTION: Preview Plugin for CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker...

Security Bulletin: IBM Cúram is susceptible to a Open Source CKEditor vulnerability (CVE-2014-5191).

Summary IBM Cúram Social Program Management is vulnerable to Reflected Cross-Site ScriptingXSS. This is caused by improper sanitization of user-supplied data in the Preview Plugin for CKEditor. Vulnerability Details CVE ID: CVE-2014-5191 The Preview Plugin for CKEditor is vulnerable to cross-site...

CVE-2017-18012

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter...

CVE-2014-5191

Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-5191

Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

DEBIAN-CVE-2014-5191

Cross-site scripting XSS vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...