124 matches found
PT-2025-34682 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: PerfreeBlog version 4.0.11 contains an arbitrary file read vulnerability within the getThemeFileContent function. Recommendations: At the moment, there is no information about a newer version that...
CVE-2025-29421
CVE-2025-29421 affects PerfreeBlog v4.0.11 and describes an arbitrary file-read vulnerability in the getThemeFileContent function. The CVE reports a network-based, low-complexity issue with no privileges required and no user interaction, resulting in high confidentiality impact and no integrity/a...
PT-2025-34681 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: PerfreeBlog version 4.0.11 contains a directory traversal flaw within the getThemeFilesByName function. Recommendations: At the moment, there is no information about a newer version that contains a fix...
PerfreeBlog Security Vulnerability
PerfreeBlog is an open-source, Java-based blog/CMS site-building platform. PerfreeBlog v4.0.11 contains a security vulnerability that stems from an arbitrary file read issue in the getThemeFileContent function...
CVE-2025-29421
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function...
PerfreeBlog Security Vulnerability
PerfreeBlog is an open-source, Java-based blog/CMS builder. PerfreeBlog v4.0.11 contains a security vulnerability that stems from a directory traversal in the getThemeFilesByName function...
CVE-2025-29420
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function...
CVE-2025-29420
PerfreeBlog v4.0.11 is affected by a directory traversal vulnerability in the getThemeFilesByName function. The issue is documented across multiple sources (CVE-2025-29420) with CVSS 3.1 base score 7.5 (HIGH) and network attack vector, no user interaction required. The root cause is a path traver...
CVE-2025-5164
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...
CVE-2025-5164
Affected software: PerfreeBlog 4.0.11. Vulnerability: in the function JwtUtil of the JWT Handler, leading to use of a hard-coded cryptographic key. Impact/exposure: exploit can be initiated remotely; attack complexity is high, with confidential data integrity and availability potentially affected...
CVE-2025-5164 PerfreeBlog JWT JwtUtil hard-coded key
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is...
PT-2025-22876 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A vulnerability has been found in the function JwtUtil of the component JWT Handler, which leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, and the complexity of...
PerfreeBlog Security Vulnerability
PerfreeBlog is an open-source, Java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which stems from the use of hard-coded encryption keys...
CVE-2023-29643
Cross-site scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function...
CVE-2023-27757
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file...
CVE-2023-30333
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...