7703 matches found
CVE-2025-53631 flaskBlog XSS Vulnerability in postContent
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on, including /, /post/ID, /admin/posts, and /user/ID of the user...
CVE-2025-53631
FlaskBlog vulnerability CVE-2025-53631 affects FlaskBlog versions prior to 2.8.1. Root cause: improper sanitization of postContent submitted to /createpost, enabling arbitrary JavaScript execution (XSS) on all pages where the post is reflected (/, /post/[ID], /admin/posts, /user/[ID]). Impact is ...
WordPress Print My Blog Plugin <= 3.27.9 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Print My Blog versions <= 3.27.9...
WordPress plugin Print My Blog cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PT-2025-33264 · Moonshine · Moonshine
Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.5
Description: MoonShine version 3.12.5 contains a SQL injection issue within the Blog module, specifically through the Data parameter.
Recommendations: As a temporary workaround, consider restricting access to the Blog...
PT-2025-33392 · Unknown · Print My Blog
Name of the Vulnerable Software and Affected Versions: Print My Blog versions through 3.27.9
Description: Improper neutralization of input during web page generation allows for stored cross-site scripting.
Recommendations: At the moment, there is no information about a newer version that contains...
CVE-2025-8927
A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/sendcode of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The...
AI Applications in Cybersecurity
There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here's where to register to attend, or participate, in the fourth. Some really great stuff here...
WordPress Blog Designer PRO plugin <= 3.4.7 - Authenticated Non-Arbitrary Local File Inclusion vulnerability
Authenticated Non-Arbitrary Local File Inclusion vulnerability discovered by Seb in WordPress Plugin Blog Designer PRO versions <= 3.4.7...
CVE-2025-50155
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review...

CVE-2025-50173
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-09-04 12:01:54+00:00 | seen | https://bsky.app/profile/jbhall56.bsky.social/post/3lxz3ydwhks2b
2025-09-05 08:33:55+00:00 | seen | ...

CVE-2025-53149
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-09-05 12:03:14+00:00 | seen | https://bsky.app/profile/crowdcyber.bsky.social/post/3ly3mjothyx26
2025-09-05 13:09:30+00:00 | seen | ...

CVE-2025-50168
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-08-14 03:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-843/
2025-08-22 14:52:22+00:00 | seen | ...

CVE-2025-53133
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review...

CVE-2025-53144
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-08-13 11:25:06+00:00 | seen | https://poliverso.org/objects/0477a01e-ff471c89-9928bd439ee1052f...

CVE-2025-49757
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-08-13 11:25:06+00:00 | seen | https://poliverso.org/objects/0477a01e-ff471c89-9928bd439ee1052f...

CVE-2025-49758
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-08-13 10:34:03+00:00 | seen | https://bsky.app/profile/secqube.com/post/3lwbmt2dypy2l
2026-01-15 19:53:24+00:00 | seen | ...

CVE-2025-49759
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review...

CVE-2025-25005
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review
2025-08-16 08:01:43+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3lwivpe2hy22d
2025-08-16 08:02:18+00:00 | seen | ...

CVE-2025-25006
creationtimestamp | type | source
---|---|---
2025-08-12 16:01:32+00:00 | seen | https://www.thezdi.com/blog/2025/8/12/the-august-2025-security-update-review...