
7703 matches found

Circl
added 2025/02/11 6:08 p.m., 23 views

CVE-2025-21184

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 18:08:38+00:00 | seen | https://www.thezdi.com/blog/2025/2/11/the-february-2025-security-update-review |
| 2025-02-11 18:16:35+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhwbdna7lo2a |
| 2025-02-11 18:19:13+00:00 | seen | ... |

CVSS 7, AI score 7.3, EPSS 0.00535
Exploits 0, References 5

Circl
added 2025/02/11 2:00 p.m., 4 views

GHSA-CRG3-FJM2-XVPQ

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 14:00:07+00:00 | seen | https://daniel.haxx.se/blog/2025/02/11/disabling-cert-checks-we-have-not-learned-much/... |

AI score 7.2
Exploits 0, References 1

Circl
added 2025/02/11 9:53 a.m., 3 views

GHSA-9MGX-552F-59P6

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-11 09:53:02+00:00 | seen | https://mastodon.social/users/bagder/statuses/113984640008586392 |
| 2025-02-11 10:01:07+00:00 | seen | https://bsky.app/profile/bagder.mastodon.social.ap.brid.gy/post/3lhvf7dyo2642 |
| 2025-02-11 14:00:07+00:00 | seen | ... |

AI score 7.2
Exploits 0, References 3

CNNVD
added 2025/02/10 12:00 a.m., 4 views

OneBlog security vulnerability

OneBlog is a Java blog. OneBlog suffers from a template injection vulnerability; no details of the vulnerability are provided at this time...

CVSS 8, AI score 7.2, EPSS 0.00414
Exploits 1, References 2

Schneier on Security
added 2025/02/07 10:02 p.m., 9 views

Friday Squid Blogging: The Colossal Squid

Long article on the colossal squid. Blog moderation policy...

AI score 7.3
Exploits 0

RedhatCVE
added 2025/02/06 2:17 a.m., 7 views

CVE-2025-0460

A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blogadd. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the atta...

CVSS 7.5, AI score 6.7, EPSS 0.00444
Exploits 0, References 1

RedhatCVE
added 2025/02/05 4:57 p.m., 9 views

CVE-2019-17535

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647...

CVSS 9.3, AI score 6.7, EPSS 0.02261
Exploits 6, References 1

RedhatCVE
added 2025/02/05 2:55 p.m., 5 views

CVE-2020-15276

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1...

CVSS 8.7, AI score 6.4, EPSS 0.0099
Exploits 0

RedhatCVE
added 2025/02/05 1:04 p.m., 8 views

CVE-2024-25610

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...

CVSS 9, AI score 5.8, EPSS 0.00517
Exploits 0, References 1

RedhatCVE
added 2025/02/05 12:24 p.m., 5 views

CVE-2024-52413

Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection. This issue affects Airin Blog: from n/a through = 1.6.1...

CVSS 9.8, AI score 7.2, EPSS 0.0071
Exploits 0, References 1

RedhatCVE
added 2025/02/05 12:07 p.m., 16 views

CVE-2024-52498

Path Traversal: '.../...//' vulnerability in softpulseinfotech SP Blog Designer sp-blog-designer allows PHP Local File Inclusion. This issue affects SP Blog Designer: from n/a through = 1.0.0...

CVSS 7.5, AI score 7.2, EPSS 0.00607
Exploits 1, References 1

RedhatCVE
added 2025/02/05 11:36 a.m., 9 views

CVE-2024-7432

The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVSS 8.8, AI score 7, EPSS 0.00606
Exploits 0, References 1

RedhatCVE
added 2025/02/05 7:01 a.m., 5 views

CVE-2024-32531

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Everest themes GuCherry Blog allows Reflected XSS. This issue affects GuCherry Blog: from n/a through 1.1.8...

CVSS 7.1, AI score 5.2, EPSS 0.00354
Exploits 0, References 1

RedhatCVE
added 2025/02/05 4:43 a.m., 7 views

CVE-2024-9932

The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbtinsertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8, AI score 8, EPSS 0.37815
Exploits 5, References 1

RedhatCVE
added 2025/02/05 3:13 a.m., 5 views

CVE-2024-51639

Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog naver-blog-api allows Stored XSS. This issue affects Naver Blog: from n/a through = 1.0...

CVSS 7.1, AI score 5.9, EPSS 0.00194
Exploits 0, References 1

RedhatCVE
added 2025/02/04 11:54 p.m., 2 views

CVE-2024-13200

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVSS 7.5, AI score 7.3, EPSS 0.00471
Exploits 1, References 1

RedhatCVE
added 2025/02/04 10:24 p.m., 3 views

CVE-2024-53722

Cross-Site Request Forgery (CSRF) vulnerability in rockemmusic Favicon My Blog favicon-my-blog allows Stored XSS. This issue affects Favicon My Blog: from n/a through = 1.0.2...

CVSS 7.1, AI score 7.2, EPSS 0.00163
Exploits 0, References 1

Patchstack
added 2025/02/03 7:46 p.m., 4 views

WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by ghsinfosec (Patchstack Alliance) in WordPress Plugin Blog, Posts and Category Filter for Elementor (versions <= 2.0.1)...

CVSS 6.5, AI score 6.1, EPSS 0.00215
Exploits 0, Affected Software 1

Schneier on Security
added 2025/01/31 10:03 p.m., 12 views

Friday Squid Blogging: On Squid Brains

Interesting. Blog moderation policy...

AI score 7.3
Exploits 0

OSV
added 2025/01/23 11:15 a.m., 2 views

CVE-2024-12043

The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sociallinktitle' parameter of the 'blog' widget in all versions up to, and including, 3.16.5 due to insufficient...

CVSS 5.4, AI score 7.4, EPSS 0.00207
Exploits 0, References 2