7703 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-22636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PluXml Blog v5.8.9 was discovered to contain a remote code execution RCE vulnerability in the Static Pages feature. This vulnerability is exploited via injectin...
CVE-2025-47695
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...
CVE-2025-47694
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...
CVE-2025-55245
creationtimestamp| type| source ---|---|--- 2025-09-09 17:06:15+00:00| seen| https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review...
CVE-2025-47695
CVE-2025-47695 affects WordPress Blog Designer PRO (plugin)
CVE-2025-47694
CVE-2025-47694 affects the WordPress plugin Blog Designer PRO (versions up to 3.4.7). The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. Several connected sources (Red Hat, NVD/CVE entries, Patchstack, PT-Software) corro...
CVE-2025-47694 WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...
CVE-2025-47695 WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...
CVE-2025-47695 WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...
CVE-2025-47694 WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...
WordPress plugin Blog Designer PRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Blog Designer PRO 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-36765
Name of the Vulnerable Software and Affected Versions: solwin Blog Designer PRO versions through 3.4.7 Description: The software contains an improper neutralization of input during web page generation, which may lead to cross-site scripting. Recommendations: Update solwin Blog Designer PRO to a...
PT-2025-36766
Name of the Vulnerable Software and Affected Versions: solwin Blog Designer PRO versions through 3.4.7 Description: The software contains an Improper Control of Filename for Include/Require Statement, also known as a PHP Remote File Inclusion. This allows for the inclusion of remote files,...
CVE-2025-58365
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...
CVE-2025-58365
The CVE-2025-58365 issue affects the XWiki Blog Application prior to version 9.14. An attacker with edit rights on any page could inject a Blog.BlogPostClass object and place a script macro in the Content field, enabling remote code execution. The vulnerability is mitigated in 9.14 by executing b...
CVE-2025-58365 XWiki Blog Application: Privilege Escalation (PR) from account through blog content
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...
CVE-2025-58365 XWiki Blog Application: Privilege Escalation (PR) from account through blog content
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...
CVE-2025-58365 XWiki Blog Application: Privilege Escalation (PR) from account through blog content
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...
GHSA-GWJ6-XPFG-PXWR XWiki Blog Application: Privilege Escalation (PR) from account through blog content
Impact The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some...