66 matches found
CVE-2026-6625 moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogupicture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture...
CVE-2026-6609
A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function formvalid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-6610
A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipulation of the argument USER/PASSWORD leads to hard-coded credentials. The attack may be launched...
EUVD-2026-23712
A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2026-39632
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery. This issue affects Grand Blog: from n/a through <= 3.1...
PT-2025-48416
Name of the Vulnerable Software and Affected Versions: moxi159753 Mogu Blog versions up to 5.2 Description: A flaw exists in the Storage Management Endpoint component of moxi159753 Mogu Blog. The issue involves unauthorized processing of the /storage/ file, leading to a missing authorization check...
CVE-2025-60354
Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot...
EUVD-2006-0340
Malware in sbrugna...
EUVD-2010-4881
Malware in sbrugna...
EUVD-2009-0329
Malware in sbrugna...
EUVD-2007-1439
Malware in sbrugna...
EUVD-2005-1139
Malware in sbrugna...
EUVD-2009-4867
Malware in sbrugna...
EUVD-2017-9091
Malware in sbrugna...
EUVD-2025-6665
Malicious code in bioql PyPI...
EUVD-2025-28813
Malicious code in bioql PyPI...
EUVD-2024-45576
Malicious code in bioql PyPI...
PT-2025-36511
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 9.14 Description: The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application allowed remote code execution for any logged-in user with edi...
CVE-2025-9151
A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...
CVE-2025-55737
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...