Every CVE whose affected-product data names Cksource Ckfinder, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-15862 — CVSS 7.5 (high): An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any…
CVE-2025-63830 — CVSS 6.1 (medium): CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing…
CVE-2019-15891 — CVSS 5.3 (medium): An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to…
CVE-2016-20023 — CVSS 5.0 (medium): In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file…