Lucene search
+L

927 matches found

CVE
CVE
added 2026/01/02 6:58 p.m.33 views

CVE-2026-21432

CVE-2026-21432 affects Emlog (open source PHP/MySQL CMS). A stored cross-site scripting vulnerability in version 2.5.23 can lead to account takeover, including admin accounts. Multiple trusted sources (NVD/Red Hat/CVE lists) state that as of publication there are no known patched versions availab...

8.2CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/02 6:49 p.m.1 views

CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.1CVSS5.8AI score0.00162EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/02 6:49 p.m.7 views

EUVD-2026-0756

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.1CVSS5.7AI score0.00162EPSS
Exploits1References1
CVE
CVE
added 2026/01/02 6:49 p.m.23 views

CVE-2026-21431

CVE-2026-21431 affects Emlog, an open source website-building system. Multiple sources confirm a stored cross-site scripting vulnerability in the Resource media library function when publishing an article, specifically in version 2.5.23. The available reports indicate no patched versions at time ...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/01/02 6:49 p.m.33 views

CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.1CVSS0.00162EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 6:49 p.m.6 views

CVE-2026-21431 Emlog vulnerable to stored Cross-site Scripting via image name

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the Resource media library function while publishing an article. As of time of publication, no known patched versions are available...

5.1CVSS6.1AI score0.00162EPSS
Exploits1References3
EUVD
EUVD
added 2026/01/02 6:44 p.m.6 views

EUVD-2026-0757

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6AI score0.00151EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 6:44 p.m.5 views

CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6.1AI score0.00151EPSS
Exploits1References1
CVE
CVE
added 2026/01/02 6:44 p.m.11 views

CVE-2026-21430

CVE-2026-21430 concerns Emlog, an open source website builder. The issue, reported in version 2.5.23, is a CSRF flaw in the article creation function. An attacker could force a user to publish an article containing arbitrary content, and when combined with stored XSS, this can lead to an account ...

9.3CVSS6.1AI score0.00151EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/01/02 6:44 p.m.32 views

CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS0.00151EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 6:44 p.m.6 views

CVE-2026-21430 Emlog: CSRF chained with stored XSS leads to ATO

Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery CSRF. This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site...

8.3CVSS6.5AI score0.00151EPSS
Exploits1References3
NVD
NVD
added 2026/01/02 6:15 p.m.13 views

CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS0.00204EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/02 5:23 p.m.6 views

EUVD-2026-0752

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS6.3AI score0.00204EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/02 5:23 p.m.6 views

CVE-2026-21429 Emlog has Broken Access Control (BAC)

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS6.4AI score0.00204EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/02 5:23 p.m.32 views

CVE-2026-21429 Emlog has Broken Access Control (BAC)

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS0.00204EPSS
Exploits1References1
CVE
CVE
added 2026/01/02 5:23 p.m.17 views

CVE-2026-21429

CVE-2026-21429 affects Emlog (open-source PHP/MySQL CMS); specifically version 2.5.23 where an admin-configured control allows users to be prevented from editing or deleting published articles. Root cause: broken access control enabling post-publish restrictions. Impact as stated: users cannot ed...

5.1CVSS6.4AI score0.00204EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/01/02 5:23 p.m.6 views

CVE-2026-21429 Emlog has Broken Access Control (BAC)

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available...

5.1CVSS6.7AI score0.00204EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.7 views

PT-2026-1120

Name of the Vulnerable Software and Affected Versions Emlog versions up to and including 2.5.19 Description Emlog is vulnerable to server-side Out-of-Band OOB requests and Server-Side Request Forgery SSRF through the handling of uploaded SVG files. An attacker can upload a specially crafted SVG...

7.7CVSS6.5AI score0.00274EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.10 views

emlog 代码问题漏洞

emlog is emlog open source PHP and MySQL based on a set of CMS site building system . A code issue vulnerability exists in Emlog 2.5.19 and prior versions, which stems from an out-of-band server-side request or a server-side request forgery by uploading an SVG file that could lead to probing the...

7.7CVSS6.8AI score0.00274EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.8 views

PT-2026-1117

Name of the Vulnerable Software and Affected Versions Emlog version 2.5.23 Description Emlog version 2.5.23’s article creation functionality is susceptible to cross-site request forgery CSRF. This allows an attacker to force a user to post an article containing arbitrary content. When combined wi...

8.3CVSS6.3AI score0.00151EPSS
Exploits1References6
Rows per page
Query Builder