CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

405 matches found

Bludit 3.13.1 - Cross Site Scripting

Cross Site Scripting XSS vulnerability exists in bludit 3-13-1 via the username in admin/login id: CVE-2021-35323 info: name: Bludit 3.13.1 - Cross Site Scripting author: r3Y3r53 severity: medium description: | Cross Site Scripting XSS vulnerability exists in bludit 3-13-1 via the username in...

6.1CVSS6.3AI score0.03031EPSS

Exploits4References3

RedhatCVE•added 2026/05/12 2:27 a.m.•3 views

CVE-2026-41456

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS5.8AI score0.00173EPSS

Exploits0References1

Exploit DB•added 2026/05/07 12:0 a.m.•35 views

Bludit CMS 3.18.4 - RCE

Exploit Title: Bludit CMS 3.18.4 - RCE Date: 2026-03-28 Exploit Author: Yahia Hamza https://yh.do Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip Version: Bludit . The uploadFile function performs no file extension or content...

8.8CVSS5.8AI score0.00458EPSS

Exploits4

EUVD•added 2026/04/21 9:31 p.m.•0 views

EUVD-2026-24239

5.1CVSS5.8AI score0.00173EPSS

Exploits0References5

NVD•added 2026/04/21 7:16 p.m.•1 views

CVE-2026-41456

5.1CVSS0.00173EPSS

Exploits0References4

CVE•added 2026/04/21 6:3 p.m.•3 views

CVE-2026-41456

CVE-2026-41456 affects Bludit CMS prior to commit 6732dde, where a reflected XSS in the search plugin allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. When users visit a crafted URL, attackers can execute scripts in their browsers, potentially ...

5.1CVSS5.8AI score0.00173EPSS

Exploits0References4

Cvelist•added 2026/04/21 6:3 p.m.•25 views

CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin

5.1CVSS0.00173EPSS

Exploits0References4

ATTACKERKB•added 2026/04/21 6:3 p.m.•0 views

CVE-2026-41456

5.1CVSS5.8AI score0.00173EPSS

Exploits0References5

Vulnrichment•added 2026/04/21 6:3 p.m.•0 views

CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin

5.1CVSS5.8AI score0.00173EPSS

Exploits0References4

CNNVD•added 2026/04/21 12:0 a.m.•2 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Previous versions of Bludit, such as 6732dde, had a cross-site scripting vulnerability. This vulnerability stemmed from the search plugin’s reflective cross-site scripting feature, which allowed...

5.1CVSS5.8AI score0.00173EPSS

Exploits0References1

Positive Technologies•added 2026/04/21 12:0 a.m.•0 views

PT-2026-34045

Name of the Vulnerable Software and Affected Versions Bludit CMS versions prior to commit 6732dde Description A reflected cross-site scripting issue exists in the search plugin. This allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Malicious...

5.1CVSS5.7AI score0.00173EPSS

Exploits0References7

Packet Storm•added 2026/04/21 12:0 a.m.•67 views

📄 Bludit CMS 3.18.2 Shell Upload

This Metasploit module targets a vulnerability in Bludit CMS version 3.18.2 targeting the API file upload mechanism which allows authenticated users with a valid API token to upload arbitrary files without proper validation. This can result in a shell upload...

8.8CVSS5.9AI score0.00458EPSS

Exploits4

EUVD•added 2026/04/07 12:31 p.m.•0 views

EUVD-2026-19598

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.1CVSS5.8AI score0.00073EPSS

Exploits0References3

Cvelist•added 2026/04/07 10:46 a.m.•14 views

CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit

5.1CVSS0.00073EPSS

Exploits0References2

ATTACKERKB•added 2026/04/07 10:46 a.m.•1 views

CVE-2026-4420

5.1CVSS5.8AI score0.00073EPSS

Exploits0References3Affected Software1

CVE•added 2026/04/07 10:46 a.m.•3 views

CVE-2026-4420

Summary: CVE-2026-4420 affects Bludit with a Stored XSS in the “page creating” flow. An authenticated user with page-creation privileges (Author/Editor/Admin) can insert a malicious script into the tags field when creating an article. The payload executes when a victim visits the uploaded resourc...

5.4CVSS5.8AI score0.00073EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/07 10:46 a.m.•0 views

CVE-2026-4420 Stored XSS via Page Creating functionality in Bludit

5.1CVSS5.8AI score0.00073EPSS

Exploits0References2

CNNVD•added 2026/04/07 12:0 a.m.•2 views

Bludit 跨站脚本漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions 3.17.2 and 3.18.0 of Bludit contain cross-site scripting vulnerabilities. These vulnerabilities stem from a storage-based cross-site scripting flaw in the page creation function. This allows...

5.4CVSS5.6AI score0.00073EPSS

Exploits0References2

Packet Storm•added 2026/03/30 12:0 a.m.•94 views

📄 Bludit CMS Shell Upload

Bludit CMS versions prior to 3.18.4 have an unrestricted API file upload vulnerability that allows for remote code execution. Exploit Title: Bludit CMS . The uploadFile function performs no file extension or content validation, allowing upload of PHP webshells that execute as www-data. The API...

8.8CVSS6.1AI score0.00458EPSS

Exploits4