CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

97 matches found

CNNVD•added 2026/05/08 12:0 a.m.•6 views

emlog SQL注入漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had a SQL injection vulnerability. This vulnerability stemmed from direct SQL injections in the article creation and updating functions, which could allow attackers to execute arbitrary S...

10CVSS6.1AI score0.00249EPSS

Exploits0References1

CNNVD•added 2026/05/08 12:0 a.m.•8 views

emlog 代码问题漏洞

Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.11 had code vulnerabilities, which stemmed from an insecure plugin upload feature. This vulnerability could allow attackers to upload and execute arbitrary PHP code...

6.1AI score0.00276EPSS

Exploits0References1

GithubExploit•added 2026/04/05 7:33 a.m.•38 views

Emlog-v2.6.9-Vulnerability-Report

Emlog-v2.6.9-Vulnerability-Report CVE ID: REQUESTED D...

6.2AI score

Exploits0

EUVD•added 2026/04/03 10:35 p.m.•4 views

EUVD-2026-18901

Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function include/lib/common.php:793. When extracting ZIP archives plugin/template uploads, backup imports, the function calls $zip-extractTo$path without sanitizing Z...

7.2CVSS6.1AI score0.00874EPSS

Exploits1References1

Vulnrichment•added 2026/04/03 10:28 p.m.•0 views

CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

8.7CVSS6.1AI score0.00188EPSS

Exploits1References2

RedhatCVE•added 2026/01/03 7:53 p.m.•6 views

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS7.1AI score0.00274EPSS

Exploits1References1

Vulnrichment•added 2026/01/02 7:0 p.m.•3 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

7.7CVSS6.7AI score0.00274EPSS

Exploits1References1

CVE•added 2026/01/02 6:49 p.m.•13 views

CVE-2026-21431

CVE-2026-21431 affects Emlog, an open source website-building system. Multiple sources confirm a stored cross-site scripting vulnerability in the Resource media library function when publishing an article, specifically in version 2.5.23. The available reports indicate no patched versions at time ...

5.4CVSS5.8AI score0.00162EPSS

Exploits1References1Affected Software1

OSV•added 2026/01/02 6:49 p.m.•2 views

CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.1CVSS6.1AI score0.00162EPSS

Exploits1References3

CVE•added 2026/01/02 6:44 p.m.•8 views

CVE-2026-21430

CVE-2026-21430 concerns Emlog, an open source website builder. The issue, reported in version 2.5.23, is a CSRF flaw in the article creation function. An attacker could force a user to publish an article containing arbitrary content, and when combined with stored XSS, this can lead to an account ...

9.3CVSS6.1AI score0.00151EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/01/02 12:0 a.m.•4 views

emlog 安全漏洞

emlog is emlog open source a set of PHP and MySQL based CMS website building system. A security vulnerability exists in version 2.5.23 of emlog, the vulnerability stems from the administrator can set the control item, which may lead to users can not be edited or deleted after posting articles...

5.1CVSS6.6AI score0.00204EPSS

Exploits1References2

CNNVD•added 2026/01/02 12:0 a.m.•5 views

emlog 代码问题漏洞

emlog is emlog open source PHP and MySQL based on a set of CMS site building system . A code issue vulnerability exists in Emlog 2.5.19 and prior versions, which stems from an out-of-band server-side request or a server-side request forgery by uploading an SVG file that could lead to probing the...

7.7CVSS6.8AI score0.00274EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2019-7544

Malware in sbrugna...

6.5CVSS6.5AI score0.01795EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-14422

Malware in sbrugna...

7.2CVSS7AI score0.01067EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-14094

Malware in sbrugna...

4.3CVSS4.9AI score0.00518EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-7377

Malware in sbrugna...

9.8CVSS9.2AI score0.02556EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-13793

Malware in sbrugna...

6.5CVSS6.5AI score0.00921EPSS

Exploits1References2

Positive Technologies•added 2025/10/06 12:0 a.m.•2 views

PT-2025-40911

Name of the Vulnerable Software and Affected Versions Emlog versions up to and including 2.5.22 Description A cross-site scripting XSS issue exists in Emlog, potentially allowing authenticated remote attackers to inject arbitrary web script or HTML. This is possible through the file upload...

6.1CVSS5.8AI score0.00257EPSS

Exploits1References6

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-17477

Malicious code in bioql PyPI...

5.1CVSS4.8AI score0.00319EPSS

Exploits1References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-40969

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00578EPSS

Exploits1References1