TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

Published 2026-05-28 by GitHub_M

TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection

Published 2026-05-28 by GitHub_M

TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes

Published 2026-05-28 by GitHub_M

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Published 2026-05-28 by GitHub_M

PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS

Published 2026-05-28 by GitHub_M

PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

Published 2026-05-28 by GitHub_M

PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed

Published 2026-05-28 by GitHub_M

PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

Published 2026-05-28 by GitHub_M

PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes

Published 2026-05-28 by GitHub_M

pypdf: Possible large memory usage for large offsets for layout mode text

Published 2026-05-28 by GitHub_M