7698 matches found
baserCMS SQL Injection Vulnerability
BaserCMS is a corporate-level content management system (CMS) developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 had an SQL injection vulnerability; this vulnerability originated from the blog article-related functionality and made it susceptible to SQL injection attacks...
CVE-2025-61616
creationtimestamp | type | source
---|---|---
2026-03-30 06:00:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3miaycaabi223...
CVE-2026-30689
A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...
CVE-2018-25210
creationtimestamp | type | source
---|---|---
2026-03-27 19:20:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mi2tlubztk2c...
CVE-2026-34359
creationtimestamp | type | source
---|---|---
2026-03-27 13:32:19+00:00 | published-proof-of-concept | https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fgv2-4q4g-wc35
2026-03-31 19:20:27+00:00 | published-proof-of-concept | Telegram/pGlKXNBirRT0gxqFC1bVLs6pojbUfu72MTdyyvCxHD2SpM...
CVE-2025-36258
creationtimestamp | type | source
---|---|---
2026-03-27 02:00:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhyzidod3h2f...
CVE-2026-33914
creationtimestamp | type | source
---|---|---
2026-03-27 01:00:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhyw4ztj3i2v...
CVE-2025-55263
creationtimestamp | type | source
---|---|---
2026-03-27 00:40:10+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhyuz4aenf2a...
CVE-2026-30689
The CVE concerns blog.admin, version 8.0 and earlier, where the getinfobytoken API interface has improper access control. This allows an attacker with a valid token to access sensitive administrator account information, exposing credentials or related admin data and threatening system security. T...
Blog.Admin Security Vulnerability
Blog.Admin is a backend permission management system developed by the individual developer sonzhang, based on Vue.js. Versions of blog.admin v.8.0 and earlier have security vulnerabilities. These vulnerabilities stem from improper access control in the getinfobytoken API interface, which could...
PT-2026-28417
A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...
CVE-2026-33664
creationtimestamp | type | source
---|---|---
2026-03-26 23:20:03+00:00 | seen | Telegram/8zEAgaRSdVOPVh8YiiaVjapuYDuCzradOizJ-8M58UocKc
2026-03-31 05:00:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3midffuq3aw2v...
CVE-2026-33645
creationtimestamp | type | source
---|---|---
2026-03-26 23:19:48+00:00 | seen | Telegram/lYHJ2uqEkk9SWNnUth8Z9R1ezNKbfqND5wGUosjkyCOBSr0
2026-03-31 06:00:14+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3midir6ogjx2v
2026-04-02 20:06:08+00:00 | seen | ...
CVE-2026-35632
creationtimestamp | type | source
---|---|---
2026-03-26 21:49:25+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-7xr2-q9vf-x4r5
2026-04-09 23:30:23+00:00 | published-proof-of-concept | Telegram/n2dd6XRjJv9G8jt1S2EaZawu98TdZ3-sGq35ZGwXZFcMAwI
2026-04-16 09:37:10+00:00 | seen | ...
CVE-2026-33504
creationtimestamp | type | source
---|---|---
2026-03-26 19:26:19+00:00 | published-proof-of-concept | Telegram/Dv-WNIQSBfenZP-L8llbvWNomtb7L7cuRFseuDShUkzpu6g
2026-04-08 07:00:14+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mixptt4jte2f...
CVE-2026-32357
Server-Side Request Forgery (SSRF) vulnerability in Katsushi Kawamori Simple Blog Card simple-blog-card allows Server Side Request Forgery. This issue affects Simple Blog Card: from n/a through <= 2.37...