CVE-2025-6674 CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...

PT-2025-16324 · Unknown · Dsgvo Youtube

Name of the Vulnerable Software and Affected Versions: DSGVO Youtube versions n/a through 1.5.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This problem affects DSGVO Youtube. Recommendations: For versions n/a...

A week in security (January 11 – January 17)

Last week on Malwarebytes Labs, we looked at IoT problems, Microsoft’s Patch Tuesday, and how cybercriminals want access to your cloud services. We also explored how VPNs can protect your privacy, and asked if MSPs have picked the right PSA. Other cybersecurity news Hot phishing targets: Some...

PT-2019-17914 · Google · Youtube

Name of the Vulnerable Software and Affected Versions: Related YouTube Videos versions prior to 1.9.9 Description: A cross-site request forgery CSRF issue allows remote attackers to hijack the authentication of administrators via unspecified vectors. Recommendations: For versions prior to 1.9.9,...