CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/12/12 3:20 a.m.•25 views

CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

8.1CVSS0.00229EPSS

EUVD•added 2025/12/12 3:20 a.m.•3 views

EUVD-2025-202963

8.1CVSS4.7AI score0.00229EPSS

Exploits0References3

Vulnrichment•added 2025/12/12 3:20 a.m.•2 views

CVE-2025-13334 Blaze Demo Importer 1.0.0 - 1.0.13 - Missing Authorization to Authenticated (Subscriber+) Database Reset and File Deletion

8.1CVSS4.8AI score0.00229EPSS

CVE•added 2025/12/12 3:20 a.m.•14 views

CVE-2025-13334

CVE-2025-13334 (Blaze Demo Importer, WordPress) is substantiated by multiple connected sources: Wordfence flags a vulnerability in Blaze Demo Importer versions 1.0.0–1.0.13 caused by a missing capability check in blaze_demo_importer_install_demo, enabling authenticated attackers with subscriber+ ...

8.1CVSS4.8AI score0.00229EPSS

CNNVD•added 2025/12/12 12:0 a.m.•3 views

WordPress plugin Blaze Demo Importer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

8.1CVSS6.3AI score0.00229EPSS

Positive Technologies•added 2025/12/12 12:0 a.m.•3 views

PT-2025-50816

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blaze demo importer install demo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

8.1CVSS5.1AI score0.00229EPSS

Exploits0References4

CNNVD•added 2025/12/03 12:0 a.m.•5 views

Perforce BlazeMeter Jenkins Plugin 安全漏洞

Perforce BlazeMeter Jenkins Plugin is a plugin from Perforce USA. A security vulnerability exists in Perforce BlazeMeter Jenkins Plugin versions prior to 4.27, which stems from improper privilege control and could lead to unauthorized access to a list of sensitive resources...

5.3CVSS6.3AI score0.0021EPSS

Exploits0References3

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in blaze-antares-taurus-prompts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ad226b864d7c4e73ea785218719e45d19c4ac3acdb0c4d2a3c0530ff2b85350 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176362

Malicious code in sirius-blaze-decoherence-scripts npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-179860

Malicious code in castor-ganymede-registry-blaze npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-180028

Malicious code in blaze-transport-eridanus-singularitarianism npm...

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-189357 Malicious code in sass-loader-prompts-inquirer-blaze (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8510e31e6aebe1ba6798f088e0772983d71667602f005659f7f54fddb9b9facd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-178396

Malicious code in innercore-yildun-blaze-robotics npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176518

Malicious code in sass-loader-prompts-inquirer-blaze npm...