Lucene search
+L

266 matches found

Cvelist
Cvelist
added 2025/05/19 8:7 a.m.26 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

4.8CVSS0.0036EPSS
Exploits0References2
CVE
CVE
added 2025/05/19 8:7 a.m.32 views

CVE-2025-41429

CVE-2025-41429 affects a-blog CMS across multiple versions, where improper log neutralization is cited as the underlying issue. The entry notes that exploitation in combination with CVE-2025-36560 could allow a remote unauthenticated attacker to hijack a legitimate user’s session. Connected sourc...

9.8CVSS7.3AI score0.0036EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/05/19 12:0 a.m.5 views

appleple a-blog cms 路径遍历漏洞

appleple a-blog cms is a content management system from appleple. A path traversal vulnerability exists in appleple a-blog cms versions prior to 3.1.43, which stems from insufficient path validation of the backup function, and could lead to a path traversal attack...

7.2CVSS8.3AI score0.00443EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.11 views

PT-2025-21220 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified Description: A server-side request forgery vulnerability exists in a-blog cms, allowing a remote unauthenticated attacker to gain access to sensitive information by sending a specially crafted reques...

9.2CVSS6.4AI score0.00463EPSS
Exploits0References20
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.10 views

PT-2025-21218 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: A cross-site scripting issue exists in a specific field in the entry editing screen of a-blog cms, requiring contributor or higher level privileges to exploi...

5.4CVSS6AI score0.00219EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.6 views

PT-2025-21216 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: The issue is related to insufficient path validation in the backup feature of a-blog cms, which can be exploited by a remote authenticated attacker with...

5.1CVSS6.2AI score0.00443EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.5 views

PT-2025-21221 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions affected versions not specified Description: The issue is related to improper neutralization of logs. A remote unauthenticated attacker may hijack a legitimate user's session if the vulnerability is exploited...

4.8CVSS6.3AI score0.0036EPSS
Exploits0References7
OSV
OSV
added 2025/04/17 10:15 p.m.4 views

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path...

7.6CVSS5.8AI score0.00377EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.5 views

BlogCMS 安全漏洞

BlogCMS is a PHP and MySQL based blogging system by Pramod Mahato Individual Developer in India. A security vulnerability exists in BlogCMS version 3.1.15, which stems from improper handling of the /bid/1/admin/entry-edit/ path, which could allow remote attackers to obtain sensitive information...

7.6CVSS6.5AI score0.00377EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/04/02 5:31 a.m.13 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

7.5CVSS7.5AI score0.00474EPSS
Exploits0References1
OSV
OSV
added 2025/03/31 5:15 a.m.6 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

7.5CVSS6AI score0.00474EPSS
Exploits0References3
NVD
NVD
added 2025/03/31 5:15 a.m.30 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

7.5CVSS0.00474EPSS
Exploits0References3
CVE
CVE
added 2025/03/31 4:54 a.m.137 views

CVE-2025-31103

The CVE-2025-31103 issue affects a-blog cms and is caused by untrusted data deserialization. Multiple connected sources confirm that processing a crafted request can store arbitrary files on the server and may allow execution of arbitrary scripts. Affected versions include v2.8.x and later up to ...

7.5CVSS7.2AI score0.00474EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/03/31 4:54 a.m.35 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

7.5CVSS0.00474EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/31 4:54 a.m.7 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

7.5CVSS7.7AI score0.00474EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/28 1:46 a.m.5 views

a-blog cms vulnerable to untrusted data deserialization

Overview a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. appleple inc. reported this vulnerability to JPCERT/CC to notify...

7.5CVSS7.1AI score0.00474EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2025/03/28 12:0 a.m.19 views

JVN#66982699: a-blog cms vulnerable to untrusted data deserialization

a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. Impact Processing a specially crafted request may store arbitrary files on...

7.5CVSS7AI score0.00474EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.8 views

PT-2025-13441 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified Description: A critical issue exists due to the deserialization of untrusted data in a-blog cms, allowing an attacker to store arbitrary files on the server. This can lead to the execution of arbitra...

7.5CVSS7.5AI score0.00474EPSS
Exploits0References15
VulnCheck KEV
VulnCheck KEV
added 2025/03/28 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-31103

A-blog CMS contains an untrusted data deserialization vulnerability that if successfully exploited can be leveraged to execute an arbitrary script on the server...

7.5CVSS6AI score0.00474EPSS
Exploits0References1
NVD
NVD
added 2024/05/22 5:15 a.m.14 views

CVE-2024-31395

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

6.1CVSS6.4AI score0.00304EPSS
Exploits0References2
Rows per page
Query Builder