37 matches found
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
EUVD-2020-10914
Malware in sbrugna...
EUVD-2006-0850
Malware in sbrugna...
EUVD-2007-3075
Malware in sbrugna...
EUVD-2021-28459
Malicious code in bioql PyPI...
EUVD-2022-28584
Malicious code in bioql PyPI...
EUVD-2023-41822
Malicious code in bioql PyPI...
CVE-2025-49756
| creationtimestamp | type | source |
|---|---|---|
| 2025-07-08 15:56:31+00:00 | seen | https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review... |
Blog Security Vulnerability
Blog is a personal blogging system by the individual developers of Xuzijia in China. A security vulnerability exists in Blog 983bede and prior versions, which stems from an unconfigured SERVERNAME causing the password reset function to rely on the Host HTTP header, which could lead to an account...
Modern Campus Omni CMS Security Vulnerability
Modern Campus Omni CMS is a web content management system from Modern Campus, Inc. It is used by colleges and universities to manage their websites. A security vulnerability exists in Modern Campus Omni CMS version 2023.1, which stems from an XPath injection vulnerability in the blog and RSS...
blog.wordvice.com Improper Access Control vulnerability OBB-3819379
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
blog.essense-of-life.com Improper Access Control vulnerability OBB-3807352
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
What Else Can You Do to Defend Against Bots?
...
Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection
Description: The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
Cross-site request forgery (CSRF)
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog...
blog.ghtcoalition.org Cross Site Scripting vulnerability OBB-3508848
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
blog.ipi.media Cross Site Scripting vulnerability OBB-2348151
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
blog.barre3.com Cross Site Scripting vulnerability OBB-2331068
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Frontend File Manager < 18.3 - Unauthenticated Arbitrary Post Deletion
The wpfmdeletefile AJAX action of the plugin, available to unauthenticated users, was lacking CSRF and capability check, allowing unauthenticated users to delete arbitrary posts and pages from the blog...