7703 matches found
CVE-2025-9100 zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay
A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The manipulation leads to authentication bypass by capture-replay. The attack can be initiated remotely. The...
CVE-2025-9100
CVE-2025-9100 affects zhenfeng13 My-Blog 1.0.0, specifically the Frontend Blog Article Comment Handler in /blog/comment. The vulnerability allows authentication bypass via capture-replay and can be exploited remotely; public exploit information is available. Connected data indicate a PROOF-OF-CON...
My-Blog security vulnerability
My-Blog is a Java blog system by individual developer ZHENFENG13, built with SpringBoot, Mybatis, Thymeleaf and other technologies, with attractive pages, a full feature set, easy deployment and polished code. A security vulnerability exists in My-Blog version 1.0.0, which stems from the lack of protection...
My-Blog security vulnerability
My-Blog is a Java blog system by individual developer ZHENFENG13, built with SpringBoot, Mybatis, Thymeleaf and other technologies, with attractive pages, a full feature set, easy deployment and polished code. A security vulnerability exists in My-Blog 1.0.0 and earlier versions, which stems from the Tag...
PT-2025-33630 · Zhenfeng13 · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog versions prior to 1.0.1
Description: A weakness has been identified in the processing of the /admin/tags/save file within the Tag Handler component, leading to cross site scripting. The attack can be initiated remotely. The...
PT-2025-33629 · Zhenfeng13 · Myblog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0.0
Description: A security flaw has been discovered in zhenfeng13 My-Blog 1.0.0. This vulnerability affects unknown code of the file /blog/comment of the component Frontend Blog Article Comment Handler. The...
CVE-2025-54740
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS. This issue affects Print My Blog: from n/a through <= 3.27.9...
Malicious code in blog-post-prisma-middleware-cls-hooked (npm)
The package blog-post-prisma-middleware-cls-hooked was found to contain malicious code...
Malicious code in clean-blog (npm)
The package clean-blog was found to contain malicious code...
Malicious code in l3mon-blog (npm)
The package l3mon-blog was found to contain malicious code...
MAL-2025-15836 Malicious code in blog-post-prisma-middleware-cls-hooked (npm)
The package blog-post-prisma-middleware-cls-hooked was found to contain malicious code...
MAL-2025-17097 Malicious code in clean-blog (npm)
The package clean-blog was found to contain malicious code...
MAL-2025-24855 Malicious code in l3mon-blog (npm)
The package l3mon-blog was found to contain malicious code...
CVE-2025-54740
CVE-2025-54740 concerns the WordPress plugin Print My Blog (versions up to 3.27.9) and is a stored XSS vulnerability arising from improper input neutralization during web page generation. Exploitation context details in the connected sources confirm the vulnerability is tied to the plugin’s handl...
CVE-2025-54740 WordPress Print My Blog Plugin <= 3.27.9 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Nelson Print My Blog print-my-blog allows Stored XSS. This issue affects Print My Blog: from n/a through <= 3.27.9...
CVE-2025-53631
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on, including /, /post/ID, /admin/posts, and /user/ID of the user...
Malicious Package
Overview: zonblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...