442 matches found
CVE-2026-46657 Bludit's persistent authentication tokens not revoked upon account disablement
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...
CVE-2026-46656
Bludit CMS versions prior to 3.22.0 are affected by a Broken Access Control issue where active sessions remain valid after the corresponding user account is deleted (the “Ghost Session”). This allows revoked users to maintain full unauthorized access. The issue is fixed in version 3.22.0. Affecte...
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-46656 Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
EUVD-2026-35081
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
Bludit 安全漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit prior to 3.22.0 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the user management logic: when accounts were disabled, persistent authentication tokens we...
PT-2026-47329
Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...
Bludit 授权问题漏洞
Bludit is an open-source, lightweight blog content management system developed by Bludit. Versions of Bludit prior to 3.22.0 had an authorization issue vulnerability. This vulnerability stemmed from the fact that active sessions remained valid even after user accounts were deleted, potentially...
PT-2026-47328
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-4420
Bludit is vulnerable to Stored Cross-Site Scripting XSS in its page creating functionality. An authenticated attacker with page creation privileges such as Author, Editor, or Administrator can embed a malicious JavaScript payload in the tags field of a newly created article. This payload will be...
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
Bludit CMS 3.18.4 - RCE
Exploit Title: Bludit CMS 3.18.4 - RCE Date: 2026-03-28 Exploit Author: Yahia Hamza https://yh.do Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/refs/tags/3.18.2.zip Version: Bludit . The uploadFile function performs no file extension or content...
EUVD-2026-24239
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456
CVE-2026-41456 affects Bludit CMS prior to commit 6732dde, where a reflected XSS in the search plugin allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. When users visit a crafted URL, attackers can execute scripts in their browsers, potentially ...
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...