CVE-2026-38669

wCMS v.1.4 is vulnerable to Cross Site Scripting XSS when creating a new blog...

CVE-2026-6610

A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...

CVE-2026-6202

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVE-2026-3317

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

CVE-2026-5805

A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...

CVE-2026-6625

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...

CVE-2026-6579

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...

CVE-2026-40308

My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mcajaxmcjsaction AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parsestr without validation, allowing injection of arbitrary parameters including a site...

PrestaShop Theme Volty CMS Blog - SQL Injection

In the module 'Theme Volty CMS Blog' tvcmsblog up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-39650 info: name: PrestaShop Theme Volty CMS Blog - SQL Injection author: mastercho severity: critical description: | In the...

Joomla! Component MMS Blog 2.3.0 - Local File Inclusion

A directory traversal vulnerability in the MMS Blog commmsblog component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1491 info: name: Joomla! Component MMS Blo...

News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion

The News & Blog Designer Pack WordPress plugin up to version 3.4.1 contains a remote code execution caused by local file inclusion in the bdpgetmorepost function, letting unauthenticated attackers include arbitrary PHP files, exploit requires AJAX request with crafted POST data. id: CVE-2023-5815...

CVE-2017-20235

creationtimestamp| type| source ---|---|--- 2026-06-03 12:07:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mnf345rytp2i...

Malicious Package

Overview imillegal5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

How to Get a Reddit API Key in 2026: Step-by-Step Guide

Getting a Reddit API key starts with creating an application through Reddit’s developer portal and understanding how its…...

CVE-2026-40543

creationtimestamp| type| source ---|---|--- 2026-06-01 01:55:00+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-40543 2026-06-01 12:30:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mna3hk2oep2p...

CVE-2026-7098

creationtimestamp| type| source ---|---|--- 2026-05-30 11:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mn2vv5mgyu2k...

CVE-2026-7054

creationtimestamp| type| source ---|---|--- 2026-05-29 10:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmyc2x7f2i2g...

Jms Blog - SQL Injection

The module Jms Blog jmsblog from Joommasters contains a Time Based SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes id: CVE-2023-27034 info: name: Jms Blog - SQL Injection author: MaStErChO severity: critical...

CVE-2026-44315

creationtimestamp| type| source ---|---|--- 2026-05-28 21:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmwwi7f4w22f...

CVE-2026-47759

creationtimestamp| type| source ---|---|--- 2026-05-28 17:01:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwiq4djr42l 2026-05-28 17:23:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmwjz5vnzt2i 2026-05-28 21:37:06+00:00| seen|...