Vulmon
blog project blog vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-18998
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote malicious users to execute arbitrary code via the component '/admin/custom/blog-plugin/add'.
Blog Mini Project Blog Mini 1.0
6.1
CVSSv3
CVE-2020-18999
Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote malicious users to execute arbitrary code via the component '/admin/submit-articles'.
Blog Mini Project Blog Mini 1.0
4.9
CVSSv3
CVE-2021-24549
The AceIDE WordPress plugin up to and including 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to acce...
Aceide Project Aceide
6.1
CVSSv3
CVE-2021-26224
Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote malicious users to inject arbitrary web script or HTML via the search field to search.php.
Fantastic Blog Project Fantastic Blog 1.0
9.8
CVSSv3
CVE-2021-26231
SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote malicious users to execute arbitrary SQL statements, via the id parameter to category.php.
Fantastic Blog Cms Project Fantastic Blog Cms 1.0
4.8
CVSSv3
CVE-2021-24418
The Smooth Scroll Page Up/Down Buttons WordPress plugin up to and including 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog.
Smooth Scroll Page Up/down Buttons Project Smooth Scroll Page Up/down Buttons
8.8
CVSSv3
CVE-2021-24192
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Tree Sitemap WordPress plugin prior to 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then b...
Sitemap Project Sitemap
7.2
CVSSv3
CVE-2021-29427
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specif...
Gradle Gradle
Quarkus Quarkus
9.8
CVSSv3
CVE-2020-21179
SQL injection vulnerability in koa2-blog 1.0.0 allows remote malicious users to inject a malicious SQL statement via the name parameter to the signin page.
Koa2-blog Project Koa2-blog 1.0.0
9.8
CVSSv3
CVE-2020-21180
SQL injection vulnerability in koa2-blog 1.0.0 allows remote malicious users to inject a malicious SQL statement via the name parameter to the signup page.
Koa2-blog Project Koa2-blog 1.0.0