Known Vulnerabilities for Media by Tinymce
Listed below are 1 of the newest known vulnerabilities associated with "Media" by "Tinymce".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-61456 json | The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/medi... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-59153 json | Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media f... | Not Provided | 2026-07-07 | 2026-07-08 |
| CVE-2026-58657 json | Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection vulnerability in the Markd... | Not Provided | 2026-07-08 | 2026-07-08 |
| CVE-2026-58049 json | FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the ... | Not Provided | 2026-06-28 | 2026-07-06 |
| CVE-2026-57722 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media... | Not Provided | 2026-07-01 | 2026-07-02 |
| CVE-2026-57575 json | Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-57574 json | Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-56285 json | Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardcoded default HMA... | Not Provided | 2026-06-29 | 2026-06-29 |
| CVE-2026-56012 json | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media LIb... | Not Provided | 2026-06-18 | 2026-06-18 |
| CVE-2026-55890 json | Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attri... | Not Provided | 2026-07-10 | 2026-07-10 |