CVE-2026-21768

CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...

CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

TencentOS Server 4: vim (TSSA-2026:0317)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0317 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Notepad++ security vulnerabilities

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has security vulnerabilities, and attackers can exploit these vulnerabilities to execute arbitrary code...

ROS-20260524-73-0037

Vulnerability in vim text editor is related to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

Advisory ROSA-SA-2026-3285

software: vim 9.2.0321 WASP: ROSA-CHROME unaffected versions = vim-9.2.0321-1 affected versions vim-9.2.0321-1 CVE-ID: CVE-2026-33412 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A command injection vulnerability in the Vim text editor allows an attacker to execute arbitrary shell commands via a...

MAL-2026-4072 Malicious code in @antv/narrative-text-editor (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@antv/lite-insight (>=2.1.0 <=2.1.1), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +3 more potentially affected by unknown CVE via @antv/narrative-text-schema (>=0.1.5 <=0.3.7)

@antv/narrative-text-schema NPM version =0.1.5, =2.1.0, =0.1.1, =0.1.6, =2.0.0, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTSCHEMA-16755006...

@antv/narrative-text-editor (>=0.1.1 <=0.2.20), antv-site-demo-rc (>=0.1.0-alpha.16 <=0.1.0-alpha.22) potentially affected by unknown CVE via @antv/narrative-text-vis (>=0.1.8 <=0.3.16)

@antv/narrative-text-vis NPM version =0.1.8, =0.1.1, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTVIS-16755009...

@antv/narrative-text-editor (>=0.1.1 <=0.2.20), antv-site-demo-rc (>=0.1.0-alpha.16 <=0.1.0-alpha.22) potentially affected by unknown CVE via @antv/narrative-text-vis (>=0.1.8 <=0.3.16)

@antv/narrative-text-vis NPM version =0.1.8, =0.1.1, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTVIS-16754840...

[SECURITY] Fedora 42 Update: python-jupytext-1.19.1-4.fc42

Have you always wished Jupyter notebooks were plain text documents? Wished you could edit them in your favorite IDE? And get clear and meaningful diffs when doing version control? Then... Jupytext may well be the tool you're looking for! Jupytext is a plugin for Jupyter that can save Jupyter...

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

EUVD-2021-34793

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

CVE-2026-41524

Brave CMS is an open-source CMS. Prior to commit 6c56603, page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and subsequently rendered with Laravel Blade's unescaped output directive !! !!. Any JavaScript or HTML injected by an editor-ro...

PT-2026-39138

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description Page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and rendered using Laravel Blade's unescaped output directive !! !!. This...

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

📄 Voyager 1.8.0 Arbitrary File Upload

Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

EUVD-2026-10132

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVE-2026-1820

The Media Library Alt Text Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bvmaltscdivupdatealttext' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...