Lucene search
K

417 matches found

CVE
CVE
added 2025/12/08 12:0 a.m.27 views

CVE-2025-61318

CVE-2025-61318 affects Emlog Pro 2.5.20. The vulnerability stems from the admin/template.php and admin/plugin.php components where path validation is missing and deletion parameters are not properly filtered, allowing directory traversal that can lead to arbitrary file deletion. The issue is not ...

9.1CVSS7AI score0.00637EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/25 8:31 p.m.7 views

CVE-2025-62717

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

9.1CVSS7AI score0.00363EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/25 12:0 a.m.7 views

Emlog Pro 安全漏洞

Emlog Pro is an Emlog open source blogging system. A security vulnerability exists in Emlog Pro version 2.5.23, which stems from an error in the session CAPTCHA clearing logic that could lead to CAPTCHAs being reused...

9.1CVSS6.5AI score0.00363EPSS
Exploits0References1
NVD
NVD
added 2025/10/24 9:16 p.m.12 views

CVE-2025-62717

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

9.1CVSS0.00363EPSS
Exploits0References2
CVE
CVE
added 2025/10/24 8:13 p.m.32 views

CVE-2025-62717

CVE-2025-62717 affects Emlog Pro 2.5.23, where a clearing-logic error in session verification code allows reuse of verification codes. The issue has a fix in commit 1f726df. Remediation: upgrade to a version including the fix (per the cited advisories). If upgrading is not possible, apply the pat...

9.1CVSS6.7AI score0.00363EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/10/24 8:13 p.m.27 views

CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

6.9CVSS0.00363EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/24 8:13 p.m.8 views

CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

6.9CVSS6.7AI score0.00363EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 8:13 p.m.10 views

CVE-2025-62717 Emlog Pro session verification code error due to clearing logic error

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

6.9CVSS7.1AI score0.00363EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/24 8:13 p.m.5 views

EUVD-2025-35889

Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit...

6.9CVSS6.5AI score0.00363EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.5 views

PT-2025-43672

Name of the Vulnerable Software and Affected Versions Emlog versions prior to the commit 1f726df Emlog Pro version 2.5.23 Description Emlog Pro version 2.5.23 contains a flaw related to session verification codes. A clearing logic error allows the reuse of email verification codes in any context...

6.9CVSS6.6AI score0.00363EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/11 8:7 p.m.10 views

CVE-2025-61930

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

8.8CVSS7AI score0.00201EPSS
Exploits1References1
NVD
NVD
added 2025/10/10 8:15 p.m.6 views

CVE-2025-61930

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

8.8CVSS0.00201EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/10 8:1 p.m.5 views

EUVD-2025-33776

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

8.1CVSS6.5AI score0.00201EPSS
Exploits1References1
CVE
CVE
added 2025/10/10 8:1 p.m.15 views

CVE-2025-61930

CVE-2025-61930 affects Emlog Pro up to v2.5.19. The vulnerability is a Cross‑Site Request Forgery (CSRF) on the password change endpoint, allowing an attacker to trick a logged‑in administrator into submitting a POST that changes the admin password. The resulting impact is privileged account take...

8.8CVSS6.6AI score0.00201EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/10/10 8:1 p.m.4 views

CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

8.1CVSS7AI score0.00201EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/10 8:1 p.m.3 views

CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery CSRF on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

8.1CVSS6.6AI score0.00201EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.6 views

PT-2025-41601

Name of the Vulnerable Software and Affected Versions Emlog Pro versions 2.5.19 and earlier Description Emlog Pro versions 2.5.19 and earlier are susceptible to a Cross-Site Request Forgery CSRF issue on the password change endpoint. This allows an attacker to trick a logged-in administrator into...

8.1CVSS6.3AI score0.00201EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.3 views

Emlog Pro 跨站请求伪造漏洞

Emlog Pro is an Emlog open source blogging system. A cross-site request forgery vulnerability exists in Emlog Pro version 2.5.19 and earlier versions, which stems from a cross-site request forgery in the password change endpoint that could lead to a privileged user account takeover...

8.8CVSS6.7AI score0.00201EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/04 7:7 a.m.9 views

CVE-2025-61599

Emlog is an open source website building system. A stored Cross-Site Scripting XSS vulnerability exists in the "Twitter"feature of EMLOG Pro 2.5.21 and below. An authenticated user with privileges to post a "Twitter" message can inject arbitrary JavaScript code. The malicious script is stored on...

5.1CVSS5.6AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/04 12:57 a.m.5 views

CVE-2025-60448

A stored Cross-Site Scripting XSS vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component, allowing attackers to upload malicious SVG files containing JavaScript code that executes when th...

6.1CVSS6AI score0.00213EPSS
Exploits1References1
Rows per page
Query Builder