11 matches found
EUVD-2025-10961
Malicious code in bioql PyPI...
EUVD-2025-25717
Malicious code in bioql PyPI...
CVE-2025-5164
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is...
CVE-2025-5164
A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key . The attack can be initiated remotely. The complexity of an attack is...
PT-2025-22876 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A vulnerability has been found in the function JwtUtil of the component JWT Handler, which leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, and the complexity of...
CVE-2025-29280
Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code...
CVE-2025-29280
CVE-2025-29280 is a stored cross-site scripting vulnerability in PerfreeBlog v4.0.11, occurring in the website name field of the backend system settings interface. The issue allows an attacker to insert and execute arbitrary malicious code. The CVSS 3.1 base metrics indicate a Medium severity (4....
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
PT-2025-16341 · Unknown · Perfreeblog
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11 Description: A stored cross-site scripting vulnerability exists in the website name field of the backend system settings interface, allowing an attacker to insert and execute arbitrary malicious code. Recommendation...
CVE-2025-29281
In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them...
CVE-2023-27757
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file...