7703 matches found
WordPress Hello FSE Blog theme <= 1.0.6 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Peter Thaleikis in WordPress Theme Hello FSE Blog versions <= 1.0.6...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the displayablelinksjs function. An attacker can execute arbitrary JavaScript code in the context of another authenticated admin user's browser by creating a blog post with a crafted title and tricking the...
CVE-2025-6050
Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...
CVE-2025-6099 szluyu99 gin-vue-blog PATCH Request manager.go improper authorization
A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server/internal/manager.go of the component PATCH Request Handler. The manipulation leads to improper...
CVE-2025-6099
The CVE-2025-6099 entry concerns szluyu99 gin-vue-blog, specifically the PATCH Request Handler in gin-blog-server/internal/manager.go. The vulnerability is described as an improper authorization flaw that can be exploited remotely. Several connected sources corroborate a remote-access risk affect...
szluyu99 gin-vue-blog Security Vulnerability
szluyu99 gin-vue-blog is a full-stack blog written in Golang by the individual developer Zhenyu, supporting one-click deployment with Docker Compose. It is based on the latest front-end and back-end technology stack: Vue3, TS, Unocs, Redis and so on. The front-end contains a blog post display front, blog background manageme...
PT-2025-25509 · Unknown · Szluyu99 Gin-Vue-Blog
Name of the Vulnerable Software and Affected Versions: szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410
Description: A critical vulnerability was found in the PATCH Request Handler component of szluyu99 gin-vue-blog, affecting unknown code in the file...
Friday Squid Blogging: Stubby Squid
Video of the stubby squid Rossia pacifica from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...
CVE-2025-47176
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
2025-06-10 17:32:36+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17944
2025-06-12 04:23:13+00:00| seen|...
CVE-2025-33063
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review...
CVE-2025-33068
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
2025-06-10 23:33:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18027...
CVE-2025-47163
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
2025-06-10 19:29:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrbmvrxite2o
2025-06-10 23:33:07+00:00| seen|...
CVE-2025-47173
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
2025-06-10 17:32:42+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17947...
CVE-2025-47172
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
2025-06-10 17:32:43+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17948
2025-06-11 07:01:39+00:00| exploited| https://t.me/kasperskyb2b/1772...
CVE-2025-32719
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review...
CVE-2025-32722
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review...
CVE-2025-33057
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review
2025-06-10 23:33:15+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18028...
CVE-2025-33065
creationtimestamp| type| source
---|---|---
2025-06-10 15:24:53+00:00| seen| https://www.thezdi.com/blog/2025/6/10/the-june-2025-security-update-review...
CVE-2025-5513
A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...
CVE-2025-5511
A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...