Lucene search
K

907 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.8 views

CVE-2022-23379

Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid...

9.8CVSS8.3AI score0.01374EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.8 views

CVE-2022-23872

Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the component /admin/configure.php via the parameter footerinfo...

4.8CVSS5.9AI score0.00617EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.9 views

CVE-2022-42189

Emlog Pro 1.6.0 plugins upload suffers from a remote code execution RCE vulnerability...

7.2CVSS7.9AI score0.01438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.12 views

CVE-2019-16868

emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dellallbak request with directory traversal sequences in the bak parameter...

9.8CVSS7.2AI score0.02556EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 7:53 p.m.7 views

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS7.1AI score0.00274EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 6:59 p.m.6 views

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

8.2CVSS6.1AI score0.00162EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 6:59 p.m.6 views

CVE-2026-21430

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6.5AI score0.00151EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 6:59 p.m.5 views

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.1CVSS6.2AI score0.00162EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/03 6:5 p.m.6 views

CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS6.8AI score0.00204EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 7:15 p.m.4 views

CVE-2026-21432

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

8.2CVSS0.00162EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 7:15 p.m.4 views

CVE-2026-21433

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS0.00274EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 7:15 p.m.7 views

CVE-2026-21430

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

9.3CVSS0.00151EPSS
Exploits1References1
NVD
NVD
added 2026/01/02 7:15 p.m.4 views

CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.4CVSS0.00162EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 7:0 p.m.4 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS6.7AI score0.00274EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/02 7:0 p.m.6 views

EUVD-2026-0754

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS6.5AI score0.00274EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 7:0 p.m.7 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS7AI score0.00274EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/02 7:0 p.m.29 views

CVE-2026-21433 Emlog vulnerable to Server-Side Request Forgery (SSRF)

Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band OOB requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admin/media.php which contains external resource references. When the...

7.7CVSS0.00274EPSS
Exploits1References1
CVE
CVE
added 2026/01/02 7:0 p.m.21 views

CVE-2026-21433

Summary: CVE-2026-21433 affects Emlog up to v2.5.19. The vulnerability is a server-side SSRF/OOB via uploaded SVG files. An attacker can upload a crafted SVG to /admin/media.php; when Emlog processes or renders the SVG (thumbnailing/preview/sanitization), the server issues an HTTP request to an a...

7.7CVSS6.7AI score0.00274EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/01/02 6:58 p.m.3 views

EUVD-2026-0755

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

8.2CVSS5.7AI score0.00162EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 6:58 p.m.2 views

CVE-2026-21432 Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available...

8.2CVSS5.8AI score0.00162EPSS
Exploits1References1
Rows per page
Query Builder