CVE-2025-5164

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rathe...

CVE-2023-30333

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.

CVE-2023-27757

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.

CVE-2025-29280

Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface allows an attacker to insert and execute arbitrary malicious code.

CVE-2025-29281

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

CVE-2023-29643

Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.

CVE-2023-40825

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.