17fe-ui23 (>=0.0.0 <=0.0.24), @2kog/pkg-editor (>=0.0.1 <=0.1.3) +583 more potentially affected by CVE-2026-47761 via tinymce (>=6.0.0 <=7.5.1)

tinymce NPM version =6.0.0, =0.0.0, =0.0.1, =12.1.0, =4.1.0, =1.0.0-beta.1, =4.1.2-rc, =1.0.0, =0.1.0, =0.1.19, =0.1.0, =0.1.1 and more Source cves: CVE-2026-47761 Source advisory: OSV:GHSA-VG35-5WQ7-3X7W...

17fe-ui23 (>=0.0.0 <=0.0.24), @2kog/pkg-editor (>=0.0.1 <=0.1.3) +553 more potentially affected by CVE-2026-47760 via tinymce (>=6.8.1 <=7.0.1)

tinymce NPM version =6.8.1, =0.0.0, =0.0.1, =12.1.0, =4.1.0, =1.0.0-beta.1, =4.1.2-rc, =1.0.0, =0.1.0, =0.1.0, =0.1.1, =0.1.7 - @arkxos/arkos-example =0.1.0 and more Source cves: CVE-2026-47760 Source advisory: OSV:GHSA-MH5M-5HW4-5C69...

Linux Distros Unpatched Vulnerability : CVE-2026-47762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows...

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with neste...

bsign-ui (>=0.0.3 <=0.0.5), gc-nimbus-ui (>=3.0.0 <=3.0.12) potentially affected by CVE-2026-47759 via tinymce (>=8.0.2 <=8.2.2)

tinymce NPM version =8.0.2, =0.0.3, =3.0.0, =3.0.12 Source cves: CVE-2026-47759 Source advisory: SNYK:JS-TINYMCE-17056166...

io.github.ezadmin126:ezadmin-common (>=3.0.0 <=3.1.1), io.github.ezadmin126:ezadmin-core (>=2.9.12 <=2.11.5) +6 more potentially affected by CVE-2026-47761 via org.webjars.npm:tinymce (>=5.10.7 <=6.8.6)

org.webjars.npm:tinymce MAVEN version =5.10.7, =3.0.0, =2.9.12, =3.0.3, =3.0.0, =5.1.0, =10.0.0, =1.0.2, =2.9.7, =2.9.9 Source cves: CVE-2026-47761 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-17056140...

io.github.ezadmin126:ezadmin-common (>=3.0.0 <=3.1.1), io.github.ezadmin126:ezadmin-core (>=2.9.12 <=2.11.5) +6 more potentially affected by CVE-2026-47762 via org.webjars.npm:tinymce (>=5.10.7 <=6.8.6)

org.webjars.npm:tinymce MAVEN version =5.10.7, =3.0.0, =2.9.12, =3.0.3, =3.0.0, =5.1.0, =10.0.0, =1.0.2, =2.9.7, =2.9.9 Source cves: CVE-2026-47762 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-17056144...

TinyMCE 跨站脚本漏洞

TinyMCE is an open-source rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-type XSS vulnerability in the media plugin. Attackers cou...

CVE-2022-23494

tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

EUVD-2021-0519

Malware in sbrugna...

EUVD-2020-0418

Malware in sbrugna...

EUVD-2014-8539

Malware in sbrugna...

EUVD-2023-2747

Malicious code in bioql PyPI...

EUVD-2023-2813

Malicious code in bioql PyPI...

EUVD-2024-0810

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-48219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE's core undo/redo functionality and othe...

Linux Distros Unpatched Vulnerability : CVE-2017-14726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. CVE-2017-14726 Note that Nessus...

Linux Distros Unpatched Vulnerability : CVE-2024-29881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content loading and content inserting code. A S...

CVE-2024-29881

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...

CVE-2011-4906

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...