CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

887 matches found

Moodle - Cross-Site Scripting/Remote Code Execution

The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before...

6.5CVSS6.8AI score0.26507EPSS

Exploits3References5

EUVD•added 3 days ago•8 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

8.7CVSS5.4AI score0.00032EPSS

Exploits0References4

Github Security Blog•added 3 days ago•11 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Impact Stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce- attributes, which are executed when content is rendered. Impacts users of TinyMCE with the media plugin enabled. Patches This vulnerability has been patched in TinyMCE 8.5.1, TinyMCE...

8.7CVSS5.3AI score0.00032EPSS

Exploits0References5Affected Software2

OSV•added 3 days ago•6 views

GHSA-VG35-5WQ7-3X7W TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

8.7CVSS5.3AI score0.00032EPSS

Exploits0References5

OSV•added 3 days ago•5 views

GHSA-V98H-VMPC-FPQV TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

Impact Stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Patches Patched by validating decoded mce:protected content against configured protect...

8.7CVSS5.5AI score0.00032EPSS

Exploits0References5

Github Security Blog•added 3 days ago•14 views

TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

8.7CVSS5.5AI score0.00032EPSS

Exploits0References5Affected Software2

EUVD•added 3 days ago•10 views

EUVD-2026-32923

TinyMCE Cross-Site Scripting XSS vulnerability through mce:protected comments...

8.7CVSS5.4AI score0.00032EPSS

Exploits0References4

Github Security Blog•added 3 days ago•11 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

Impact Stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization, bypassing validation. Patches Patched by stripping unsafe data-mce- attributes during...

8.7CVSS5.4AI score0.00032EPSS

Exploits0References5Affected Software2

OSV•added 3 days ago•4 views

GHSA-Q742-QVGC-GC2F TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

8.7CVSS5.4AI score0.00032EPSS

Exploits0References5

EUVD•added 3 days ago•9 views

EUVD-2026-32921

TinyMCE Cross-Site Scripting XSS vulnerability using through data-mce- prefixed src, href, style attributes...

8.7CVSS5.4AI score0.00032EPSS

Exploits0References4

Github Security Blog•added 3 days ago•9 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

8.7CVSS5.8AI score0.00033EPSS

Exploits0References3Affected Software2

EUVD•added 3 days ago•11 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00033EPSS

Exploits0References2

OSV•added 3 days ago•5 views

GHSA-MH5M-5HW4-5C69 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

8.7CVSS5.8AI score0.00033EPSS

Exploits0References3

RedhatCVE•added 3 days ago•5 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6AI score0.00024EPSS

Exploits2References1

Veracode•added 4 days ago•7 views

Cross-site Scripting

TinyMCE is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper SVG namespace scope handling in the sanitizer, where crafted nested SVG elements can bypass attribute sanitization and execute arbitrary JavaScript, resulting in cross-site scripting attacks...

8.7CVSS5.9AI score0.00033EPSS

Exploits0References1Affected Software2

Veracode•added 4 days ago•7 views

Stored Cross-Site Scripting

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of data-mce- attributes such as data-mce-href, data-mce-src, and data-mce-style, allowing attackers to inject malicious values that override validated attributes during content...

8.7CVSS6AI score0.00032EPSS

Exploits0References4Affected Software2

Tenable Nessus•added 2026/06/01 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes...

8.7CVSS5.8AI score0.00032EPSS

Exploits0References2

Tenable Nessus•added 2026/05/30 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-47762

8.7CVSS5.9AI score0.00032EPSS

Exploits0References2

Tenable Nessus•added 2026/05/30 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47761

8.7CVSS5.8AI score0.00032EPSS

Exploits0References2

Veracode•added 2026/05/29 4:37 a.m.•7 views

Stored Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of forged mce:protected comments, which allows an attacker to bypass content sanitization and inject malicious scripts that execute when the protected content is restored...

8.7CVSS5.9AI score0.00032EPSS

Exploits0References4Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by