
46 matches found

Nuclei
• added yesterday • 4 views

Blesta <= 5.13.1 - Cross-Site Scripting

Blesta 3.x through 5.x before 5.13.3 contains an input validation vulnerability caused by mishandling input, letting attackers potentially exploit the system; exploitation requires unspecified conditions. id: CVE-2026-25616 info: name: Blesta <= 5.13.1 - Cross-Site Scripting author: 0xAkoko severity:...

6.1 CVSS, 5.8 AI score, 0.0246 EPSS
Exploits: 1, References: 3
RedhatCVE
• added 2026/02/04 7:28 p.m. • 2 views

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

6.1 CVSS, 5.3 AI score, 0.0246 EPSS
Exploits: 1, References: 1
RedhatCVE
• added 2026/02/04 7:27 p.m. • 2 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 5.3 AI score, 0.00046 EPSS
Exploits: 1, References: 1
RedhatCVE
• added 2026/02/04 7:27 p.m. • 2 views

CVE-2026-25614

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...

7.5 CVSS, 5.3 AI score, 0.00049 EPSS
Exploits: 1, References: 1
Packet Storm
• added 2026/02/04 12:0 a.m. • 118 views

Blesta 5.13.1 2Checkout PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...

7.5 CVSS, 6.3 AI score, 0.00049 EPSS
Exploits: 1
Packet Storm
• added 2026/02/04 12:0 a.m. • 136 views

Blesta 5.13.1 Cross Site Scripting

Blesta versions 3.2.0 through 5.13.1 suffer from a cross site scripting vulnerability. User input passed through the confirmurl GET parameter to the /dialog/confirm and /clientdialog/confirm/ endpoints is not properly sanitized before being used to generate HTML output; specifically, before being...

4.7 CVSS, 4.9 AI score, 0.0246 EPSS
Exploits: 1
Packet Storm
• added 2026/02/04 12:0 a.m. • 95 views

Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

7.2 CVSS, 6.3 AI score, 0.00046 EPSS
Exploits: 1
OSV
• added 2026/02/03 8:15 p.m. • 1 views

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

6.1 CVSS, 5.8 AI score, 0.0246 EPSS
Exploits: 1, References: 2
NVD
• added 2026/02/03 8:15 p.m. • 3 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 0.00046 EPSS
Exploits: 1, References: 2
NVD
• added 2026/02/03 8:15 p.m. • 3 views

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

6.1 CVSS, 0.0246 EPSS
Exploits: 1, References: 2
OSV
• added 2026/02/03 8:15 p.m. • 0 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 5.8 AI score
Exploits: 0, References: 2
NVD
• added 2026/02/03 8:15 p.m. • 2 views

CVE-2026-25614

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...

7.5 CVSS, 0.00049 EPSS
Exploits: 1, References: 2
OSV
• added 2026/02/03 8:15 p.m. • 2 views

CVE-2026-25614

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...

7.5 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 1, References: 2
EUVD
• added 2026/02/03 7:21 p.m. • 1 views

EUVD-2026-5174

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

4.7 CVSS, 5.3 AI score, 0.0246 EPSS
Exploits: 1, References: 1
Cvelist
• added 2026/02/03 7:21 p.m. • 22 views

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

4.7 CVSS, 0.0246 EPSS
Exploits: 1, References: 1
CVE
• added 2026/02/03 7:21 p.m. • 5 views

CVE-2026-25616

Blesta CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate impacts include input handling defects that enable cross-site scripting in certain endpoints, with the cano...

6.1 CVSS, 5.3 AI score, 0.0246 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
• added 2026/02/03 7:21 p.m. • 3 views

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

4.7 CVSS, 5.3 AI score, 0.0246 EPSS
Exploits: 1, References: 1
ATTACKERKB
• added 2026/02/03 7:21 p.m. • 3 views

CVE-2026-25616

Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665...

4.7 CVSS, 5.3 AI score, 0.0246 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
• added 2026/02/03 7:18 p.m. • 2 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 5.3 AI score, 0.00046 EPSS
Exploits: 1, References: 1
EUVD
• added 2026/02/03 7:18 p.m. • 2 views

EUVD-2026-5171

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2 CVSS, 5.3 AI score, 0.00046 EPSS
Exploits: 1, References: 1