7703 matches found
CVE-2026-1810
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal...
CVE-2026-1810 bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal
CVE-2026-24961
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through 3.1.5...
CVE-2026-24961 WordPress Grand Blog theme < 3.1.5 - Server Side Request Forgery (SSRF) vulnerability
EUVD-2026-5223
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. This issue affects Grand Blog: from n/a through 3.1.5...
CVE-2026-24961
CVE-2026-24961 is a Server-Side Request Forgery (SSRF) affecting ThemeGoods WordPress Grand Blog theme (Grand Blog) versions prior to 3.1.5, where the grandblog component is vulnerable. The root cause is SSRF in Grand Blog prior to 3.1.5, enabling an attacker to trigger requests from the server. ...
Everest Ransomware Claims 90GB Data Theft Involving Legacy Polycom Systems
Everest ransomware claims a breach involving legacy Polycom systems later acquired by HP Inc., alleging the theft of 90GB of internal data...
WordPress plugin Grand Blog security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CI4MS security vulnerability
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained security vulnerabilities. These vulnerabilities stemmed from email enumeration issues in the authentication implementation. Unverified attackers could determine whether email...
PT-2026-6064
Name of the Vulnerable Software and Affected Versions: bolo-blog bolo-solo versions up to 2.6.4. Description: A path traversal issue exists due to the manipulation of the File argument within the importFromCnblogs function located in the src/main/java/org/b3log/solo/bolo/prop/BackupService.java file...
PT-2026-6065
Name of the Vulnerable Software and Affected Versions: bolo-blog bolo-solo versions up to 2.6.4. Description: A flaw exists in bolo-blog bolo-solo up to version 2.6.4, specifically within the FreeMarker Template Handler component and the file...
PT-2026-6062
Name of the Vulnerable Software and Affected Versions: bolo-blog bolo-solo versions prior to 2.6.5. Description: A path traversal issue exists in the ZIP File Handler component of bolo-blog bolo-solo. The issue is located in the unpackFilteredZip function within the...
PT-2026-6226
Name of the Vulnerable Software and Affected Versions: Grand Blog versions prior to 3.1.5. Description: A Server-Side Request Forgery (SSRF) issue exists in ThemeGoods Grand Blog. This allows for Server Side Request Forgery. Recommendations: Update Grand Blog to version 3.1.5 or later...
PT-2026-6063
Name of the Vulnerable Software and Affected Versions: bolo-blog bolo-solo versions up to 2.6.4. Description: A path traversal issue exists in the Filename Handler component of bolo-blog bolo-solo. The issue is located in the importFromMarkdown function within the file...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims
Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more...
CVE-2020-37019
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...
Cross-site Scripting (XSS)
Overview: OrchardCore is an application framework for building modular, multi-tenant applications on ASP.NET Core. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the MarkdownBodyPart.Source parameter during blog post creation. An attacker can execute arbitrary...