
7703 matches found

CVE
added 2025/05/19 8:9 a.m. · 27 views

CVE-2025-27566

CVE-2025-27566 concerns a path traversal vulnerability in the backup feature of a-blog cms. The issue stems from insufficient path validation and affects versions prior to 3.1.43 (and prior to 3.0.47). An attacker who already has administrator privileges (remote authenticated administrator) could...

CVSS 7.2 · AI score 4.5 · EPSS 0.00443
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/05/19 8:8 a.m. · 12 views

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary...

CVSS 5.4 · EPSS 0.00219
Exploits: 0 · References: 2
CVE
added 2025/05/19 8:8 a.m. · 26 views

CVE-2025-32999

CVE-2025-32999 : The vulnerability affects a-blog cms prior to version 3.1.43 and prior to 3.0.47. It is a cross-site scripting issue in a specific field of the entry editing screen that requires contributor or higher privileges to exploit. If exploited, an arbitrary script may execute in the web...

CVSS 5.4 · AI score 6.6 · EPSS 0.00219
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/05/19 8:8 a.m. · 7 views

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary...

CVSS 5.4 · AI score 5.4 · EPSS 0.00219
Exploits: 0 · References: 2
CVE
added 2025/05/19 8:8 a.m. · 27 views

CVE-2025-36560

CVE-2025-36560 is a server‑side request forgery affecting many versions of the a-blog cms. The Red Hat entry documents a remote unauthenticated attacker who can gain access to sensitive information by sending a crafted request. Several sources corroborate the same vulnerability description across...

CVSS 9.2 · AI score 6.9 · EPSS 0.00447
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2025/05/19 8:8 a.m. · 14 views

CVE-2025-36560

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request...

CVSS 9.2 · EPSS 0.00447
Exploits: 0 · References: 2
Vulnrichment
added 2025/05/19 8:8 a.m. · 9 views

CVE-2025-36560

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request...

CVSS 9.2 · AI score 5.5 · EPSS 0.00447
Exploits: 0 · References: 2
CVE
added 2025/05/19 8:7 a.m. · 24 views

CVE-2025-41429

CVE-2025-41429 affects a-blog CMS across multiple versions, where improper log neutralization is cited as the underlying issue. The entry notes that exploitation in combination with CVE-2025-36560 could allow a remote unauthenticated attacker to hijack a legitimate user’s session. Connected sourc...

CVSS 9.8 · AI score 7.3 · EPSS 0.0036
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/05/19 8:7 a.m. · 7 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

CVSS 4.8 · AI score 6.7 · EPSS 0.0036
Exploits: 0 · References: 2
Cvelist
added 2025/05/19 8:7 a.m. · 21 views

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...

CVSS 4.8 · EPSS 0.0036
Exploits: 0 · References: 2
CNNVD
added 2025/05/19 12:0 a.m. · 2 views

appleple a-blog cms code issue vulnerability

appleple a-blog cms is a content management system from appleple, Inc. A code issue vulnerability exists in appleple a-blog cms, which stems from server-side request forgery and could lead to the acquisition of sensitive information...

CVSS 9.2 · AI score 8.3 · EPSS 0.00447
Exploits: 0 · References: 1
CNNVD
added 2025/05/19 12:0 a.m. · 2 views

appleple a-blog cms cross-site scripting vulnerability

appleple a-blog cms is a content management system from appleple. A cross-site scripting vulnerability exists in appleple a-blog cms versions prior to 3.1.43, which stems from improper input neutralization and could lead to cross-site scripting attacks...

CVSS 5.4 · AI score 7.8 · EPSS 0.00219
Exploits: 0 · References: 2
CNNVD
added 2025/05/19 12:0 a.m. · 2 views

appleple a-blog cms security vulnerability

appleple a-blog cms is a content management system from appleple, Inc. A security vulnerability exists in appleple a-blog cms, which stems from improper log cleaning and could allow a remote, unauthenticated attacker to hijack a legitimate user session...

CVSS 9.8 · AI score 8.4 · EPSS 0.0036
Exploits: 0 · References: 2
CNNVD
added 2025/05/19 12:0 a.m. · 2 views

appleple a-blog cms path traversal vulnerability

appleple a-blog cms is a content management system from appleple. A path traversal vulnerability exists in appleple a-blog cms versions prior to 3.1.43, which stems from insufficient path validation of the backup function, and could lead to a path traversal attack...

CVSS 7.2 · AI score 8.3 · EPSS 0.00443
Exploits: 0 · References: 2
OSSF Malicious Packages
added 2025/05/15 5:41 a.m. · 2 views

Malicious code in aads-blog (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a5b029c1e1a78aa275e83e7921d7d5c50626b37543ad1031e6461707103b6c8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1
Positive Technologies
added 2025/05/14 12:0 a.m. · 5 views

PT-2025-21220 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified
Description: A server-side request forgery vulnerability exists in a-blog cms, allowing a remote unauthenticated attacker to gain access to sensitive information by sending a specially crafted reques...

CVSS 9.2 · AI score 6.4 · EPSS 0.00447
Exploits: 0 · References: 20
Positive Technologies
added 2025/05/14 12:0 a.m. · 2 views

PT-2025-21221 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions affected versions not specified
Description: The issue is related to improper neutralization of logs. A remote unauthenticated attacker may hijack a legitimate user's session if the vulnerability is exploited...

CVSS 4.8 · AI score 6.3 · EPSS 0.0036
Exploits: 0 · References: 7
Positive Technologies
added 2025/05/14 12:0 a.m. · 3 views

PT-2025-21218 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43; a-blog cms versions prior to 3.0.47
Description: A cross-site scripting issue exists in a specific field in the entry editing screen of a-blog cms, requiring contributor or higher level privileges to exploi...

CVSS 5.4 · AI score 6 · EPSS 0.00219
Exploits: 0 · References: 8
Positive Technologies
added 2025/05/14 12:0 a.m. · 3 views

PT-2025-21216 · Unknown · A-Blog Cms

Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43; a-blog cms versions prior to 3.0.47
Description: The issue is related to insufficient path validation in the backup feature of a-blog cms, which can be exploited by a remote authenticated attacker with...

CVSS 5.1 · AI score 6.2 · EPSS 0.00443
Exploits: 0 · References: 8
Circl
added 2025/05/13 4:27 p.m. · 7 views

CVE-2025-21264

creationtimestamp | type | source
---|---|---
2025-05-13 16:27:02+00:00 | seen | https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review
2025-05-13 18:30:45+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16179
2025-06-17 18:48:36+00:00 | seen | ...

CVSS 7.1 · AI score 8.6 · EPSS 0.00633
Exploits: 0 · References: 3