Lucene search
K

10 matches found

EUVD
EUVD
added 2026/06/05 8:29 p.m.12 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

8.7CVSS5.4AI score0.00264EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 4:16 p.m.25 views

UBUNTU-CVE-2026-47759

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:21 p.m.17 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 3:21 p.m.14 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 3:20 p.m.54 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

8.7CVSS5.8AI score0.00264EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References13
Amazon
Amazon
added 2026/04/13 12:0 a.m.13 views

Important: ecs-init

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.01557EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/03/20 10:23 p.m.3 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/22 9:2 p.m.11 views

CVE-2022-37936

Unauthenticated Java deserialization vulnerability in Serviceguard Manager...

9.5AI score0.00787EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/20 12:0 a.m.3 views

Edraw Max Heap Corruption Vulnerability

Edraw Max Billion Diagrams is a 2D business and technical diagramming software. The software can be used to create flowcharts, organizational charts, mind maps, network diagrams, floor plans, workflow diagrams, business diagrams and engineering drawings. A security vulnerability exists in Edraw M...

7.5CVSS6.8AI score0.01481EPSS
Exploits1References1
Rows per page
Query Builder