7703 matches found

Github Security Blog
added 2025/09/08 8:59 p.m. | 5 views

XWiki Blog Application: Privilege Escalation (PR) from account through blog content

Impact The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some...

CVSS 8.7 | AI score 8 | EPSS 0.00533
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2025/09/08 12:39 p.m. | 2 views

WordPress Healthy Blog Theme <= 1.2.8 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Healthy Blog versions <= 1.2.8...

CVSS 8.1 | AI score 7 | EPSS 0.00519
Exploits: 0 | Affected Software: 1

Akamai Blog
added 2025/09/08 10:20 a.m. | 1 view

Introducing wasi-grpc for Spin

...

AI score 5.8
Exploits: 0

CNNVD
added 2025/09/08 12:00 a.m. | 2 views

XWiki Contrib Mocca Calendar Application Security Vulnerability

XWiki Contrib Mocca Calendar Application is an XWiki plugin from XWiki Contrib open source. A security vulnerability exists in XWiki Contrib Mocca Calendar Application versions prior to 9.14, which stems from a remote code execution in the blog application...

CVSS 8.7 | AI score 7.6 | EPSS 0.00533
Exploits: 0 | References: 4

Patchstack
added 2025/09/08 12:00 a.m. | 6 views

WordPress Healthy Blog Theme <= 1.2.8 is vulnerable to Local File Inclusion

Software: Healthy Blog; Type: Theme; Vulnerable versions: <= 1.2.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-26592; Patch priority: High; CVSS severity: High 8.1; PSID: 0d2d1669d802; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...

CVSS 8.1 | AI score 7.7 | EPSS 0.00519
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/09/08 12:00 a.m. | 2 views

PT-2025-36622

Impact The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some...

CVSS 8.7 | AI score 7.9
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/08 12:00 a.m. | 2 views

PT-2025-36511

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 9.14. Description: The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application allowed remote code execution for any logged-in user with edi...

CVSS 8.7 | AI score 7.4 | EPSS 0.00533
Exploits: 0 | References: 10

RedhatCVE
added 2025/09/05 10:26 p.m. | 7 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | AI score 5.7 | EPSS 0.00284
Exploits: 1 | References: 1

OSSF Malicious Packages
added 2025/09/05 5:10 p.m. | 3 views

Malicious code in stxnext-blog-zh (npm)

The package stxnext-blog-zh was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m. | 1 view

MAL-2025-46150 Malicious code in stxnext-blog-zh (npm)

The package stxnext-blog-zh was found to contain malicious code...

AI score 7
Exploits: 0

Akamai Blog
added 2025/09/05 10:00 a.m. | 3 views

Certificate Chaos and the Case for Automated Posture Management

...

AI score 7
Exploits: 0

NVD
added 2025/09/04 10:42 a.m. | 7 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | EPSS 0.00284
Exploits: 1 | References: 5

OSV
added 2025/09/04 10:42 a.m. | 5 views

CVE-2025-9929

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | AI score 4.2
Exploits: 0 | References: 5

Cvelist
added 2025/09/03 9:32 p.m. | 11 views

CVE-2025-9929 code-projects Responsive Blog Site blogs_view.php cross site scripting

A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogs_view.php. Executing manipulation of the argument product_code/gen_name/product_name/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...

CVSS 4.8 | EPSS 0.00284
Exploits: 1 | References: 5

CVE
added 2025/09/03 9:32 p.m. | 23 views

CVE-2025-9929

The CVE-2025-9929 entry concerns Code-Projects Responsive Blog Site 1.0. A vulnerability in blogs_view.php arises from improper manipulation of the parameters product_code, gen_name, product_name, and supplier, enabling cross-site scripting. The issue appears exploitable remotely and an exploit h...

CVSS 4.8 | AI score 3 | EPSS 0.00284
Exploits: 1 | References: 5 | Affected Software: 1

Tenable Nessus
added 2025/09/03 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2013-2082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which...

CVSS 5 | AI score 5.5 | EPSS 0.02372
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/03 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-7489

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. CVE-2017-7489 Note that Nessus relies ...

CVSS 6.5 | AI score 6.6 | EPSS 0.01232
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/02 4:13 a.m. | 2 views

CVE-2025-47696

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro. This issue affects Blog Designer PRO: from n/a through = 3.4.7...

CVSS 8.1 | AI score 5.9 | EPSS 0.00436
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/02 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-23922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00854
Exploits: 0 | References: 2

CNVD
added 2025/09/02 12:00 a.m. | 1 view

WordPress Solwin Blog Designer PRO plugin file inclusion vulnerability

WordPress Solwin Blog Designer PRO plugin is a WordPress plugin, mainly used for customizing the design of blog pages, without coding to achieve a variety of style adjustments. A file inclusion vulnerability exists in the WordPress Solwin Blog Designer PRO plugin, which stems from not effectively...

CVSS 8.1 | AI score 6.6 | EPSS 0.00436
Exploits: 0 | References: 1