CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/08/31 4:15 a.m.•2 views

CVE-2025-47696

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through = 3.4.7...

8.1CVSS0.00436EPSS

Cvelist•added 2025/08/31 3:48 a.m.•8 views

CVE-2025-47696 WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability

8.1CVSS0.00436EPSS

Vulnrichment•added 2025/08/31 3:48 a.m.•1 views

CVE-2025-47696 WordPress Blog Designer PRO plugin <= 3.4.7 - Unauthenticated Non-Arbitrary Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Solwin Blog Designer PRO.This issue affects Blog Designer PRO: from n/a through 3.4.7...

8.1CVSS6.6AI score0.00436EPSS

CVE•added 2025/08/31 3:48 a.m.•20 views

CVE-2025-47696

CVE-2025-47696 affects WordPress: Solwin Blog Designer PRO plugin, vulnerable through an improper control of the filename for include/require statements, enabling a PHP Remote File Inclusion. Affected versions are Blog Designer PRO up to 3.4.7. The root cause is local file inclusion via unfiltere...

8.1CVSS5.9AI score0.00436EPSS

GithubExploit•added 2025/08/31 1:25 a.m.•79 views

HEVD-Exploits

HEVD-Exploits We will exploit HEVD vulner...

7.1AI score

CNNVD•added 2025/08/31 12:0 a.m.•2 views

WordPress Plugin Solwin Blog Designer PRO 安全漏洞

WordPress Solwin Blog Designer PRO plugin is a WordPress plugin, mainly used for customizing the design of blog pages, without coding to achieve a variety of style adjustments. A file inclusion vulnerability exists in the WordPress Solwin Blog Designer PRO plugin, which stems from not effectively...

8.1CVSS6.5AI score0.00436EPSS

Positive Technologies•added 2025/08/31 12:0 a.m.•2 views

PT-2025-35388

Name of the Vulnerable Software and Affected Versions: Solwin Blog Designer PRO versions through 3.4.7 Description: The software is susceptible to a PHP Remote File Inclusion issue due to improper control of filename for include/require statements. This allows for potential code execution...

8.1CVSS7.5AI score0.00436EPSS

Exploits0References7

Tenable Nessus•added 2025/08/30 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2017-17091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attacker...

8.8CVSS7.8AI score0.08204EPSS

Exploits0References2

Patchstack•added 2025/08/29 7:54 a.m.•3 views

WordPress Blog Designer PRO plugin <= 3.4.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Blog Designer PRO versions = 3.4.8...

5.3CVSS7AI score0.00227EPSS

Exploits0Affected Software1

Akamai Blog•added 2025/08/27 10:20 a.m.•2 views

Announcing Spin 3.4

...

5.8AI score

Akamai Blog•added 2025/08/27 10:20 a.m.•3 views

Our New Premium Managed Databases Plan for Resource-Intensive Workloads

...

7AI score

Tenable Nessus•added 2025/08/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2020-28037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isbloginstalled in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attack...

9.8CVSS8.8AI score0.0774EPSS

Exploits0References2

Akamai Blog•added 2025/08/26 10:20 a.m.•4 views

Boost EdgeWorker Observability: Set Up Logging With DataStream

...

7AI score

Cvelist•added 2025/08/25 12:0 a.m.•7 views

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function...

0.00848EPSS

Exploits1References1

RedhatCVE•added 2025/08/24 12:13 a.m.•6 views

CVE-2024-50644

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

9.8CVSS7.4AI score0.00481EPSS

NVD•added 2025/08/22 5:15 p.m.•6 views

CVE-2024-50644

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

9.8CVSS0.00481EPSS

CVE•added 2025/08/22 12:0 a.m.•21 views

CVE-2024-50644

CVE-2024-50644 affects zhisheng17 blog 3.0.1-SNAPSHOT. The provided documents describe an authentication bypass vulnerability that allows an attacker to access the API without a token. Affected component is the Blog software’s authentication mechanism; the root cause is an authentication bypass, ...

9.8CVSS6.8AI score0.00481EPSS

CNNVD•added 2025/08/22 12:0 a.m.•1 views

Kyrie Blog 安全漏洞

Kyrie Blog is a personal blogging system by caozongpeng individual developer. A security vulnerability exists in Kyrie Blog version 1.0.0, which stems from improper access control of the preHandle function, which may result in unauthorized access to sensitive components...

7.5CVSS6.4AI score0.00336EPSS