7703 matches found
CVE-2025-9151
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...
CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...
CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...
CVE-2025-9151
The CVE-2025-9151 entry concerns LiuYuYang01 ThriveX-Blog (versions up to 3.1.7). The vulnerability resides in the updateJsonValueByName function within /web_config/json/name/web, enabling improper authorization and remote initiation. Public exploit material exists, and multiple sources confirm t...
GHSA-9G9J-3W64-3CJH MoonShine SQL Injection Vulnerability
MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...
MoonShine SQL Injection Vulnerability
MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...
CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog - Categories page when using the moonshine-tree-resource version 2.0.2 component...
CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog - Categories page when using the moonshine-tree-resource version 2.0.2 component...
CVE-2025-51510
MoonShine contains a SQL injection in the Blog module via the data parameter of the moonshine-tree-resource component (versions Categories page. Root cause: unsafely embedded data parameter allows injection; PoCs and public reports describe extracting data from moonshine_users and demonstrating ...
ThriveX-Blog 安全漏洞
ThriveX-Blog is a blog management system by the individual developer LiuYuYang01. A security vulnerability exists in ThriveX-Blog 3.1.7 and earlier versions, which originates from an improper authorization issue in the function updateJsonValueByName in the file /webconfig/json/name/web...
CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog - Categories page when using the moonshine-tree-resource version 2.0.2 component...
PT-2025-33839 · Unknown · Thrivex-Blog
Name of the Vulnerable Software and Affected Versions: LiuYuYang01 ThriveX-Blog versions through 3.1.7 Description: A security flaw exists in the updateJsonValueByName function within the /web config/json/name/web file. This flaw results in improper authorization and allows for remote attacks. Th...
CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog - Categories page when using the moonshine-tree-resource version 2.0.2 component...
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9101
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9100
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...
CVE-2025-9100
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...
CVE-2025-9101 zhenfeng13 My-Blog Tag save cross site scripting
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9101 zhenfeng13 My-Blog Tag save cross site scripting
A weakness has been identified in zhenfeng13 My-Blog up to 1.0.0. This issue affects some unknown processing of the file /admin/tags/save of the component Tag Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the publi...
CVE-2025-9100 zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...