Lucene search
+L

442 matches found

OSV
OSV
added 2026/06/08 3:5 p.m.3 views

CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS6AI score0.00271EPSS
Exploits0References4
CVE
CVE
added 2026/06/08 2:51 p.m.37 views

CVE-2026-46656

Bludit CMS versions prior to 3.22.0 are affected by a Broken Access Control issue where active sessions remain valid after the corresponding user account is deleted (the “Ghost Session”). This allows revoked users to maintain full unauthorized access. The issue is fixed in version 3.22.0. Affecte...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 2:51 p.m.41 views

CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 2:51 p.m.10 views

CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 2:51 p.m.4 views

CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.9AI score0.00294EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/08 2:51 p.m.15 views

EUVD-2026-35081

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

Bludit 安全漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit prior to 3.22.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the user management logic: when accounts were disabled, persistent authentication tokens we...

7.1CVSS5.4AI score0.00271EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.29 views

PT-2026-47329

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.15 views

Bludit 授权问题漏洞

Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit prior to 3.22.0 had an authorization issue vulnerability. This vulnerability stemmed from the fact that active sessions remained valid even after user accounts were deleted, potentially...

8.8CVSS5.3AI score0.00294EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.24 views

PT-2026-47328

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.9 views

CVE-2026-4420

Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...

5.4CVSS5.3AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 2:27 a.m.12 views

CVE-2026-41456

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2026/05/07 12:0 a.m.81 views

Bludit CMS 3.18.4 - RCE

Exploit Title: Bludit CMS 3.18.4 - RCE Date: 2026-03-28 Exploit Author: Yahia Hamza https://yh.do Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip Version: Bludit . The uploadFile function performs no file extension or content...

8.8CVSS5.8AI score0.01919EPSS
Exploits4
EUVD
EUVD
added 2026/04/21 9:31 p.m.8 views

EUVD-2026-24239

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References5
NVD
NVD
added 2026/04/21 7:16 p.m.10 views

CVE-2026-41456

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS0.00379EPSS
Exploits0References4
CVE
CVE
added 2026/04/21 6:3 p.m.21 views

CVE-2026-41456

CVE-2026-41456 affects Bludit CMS prior to commit 6732dde, where a reflected XSS in the search plugin allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. When users visit a crafted URL, attackers can execute scripts in their browsers, potentially ...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/21 6:3 p.m.3 views

CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/21 6:3 p.m.10 views

CVE-2026-41456

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/21 6:3 p.m.36 views

CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS0.00379EPSS
Exploits0References4
OSV
OSV
added 2026/04/21 6:3 p.m.2 views

CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS6AI score0.00379EPSS
Exploits0References7
Rows per page
Query Builder