Known Vulnerabilities for products from Bludit
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Bludit".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41456 | | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-25101 | Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same after au... | Not Provided | 2026-03-27 | 2026-04-02 |
| CVE-2026-25100 | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker with c... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-25099 | Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension witho... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-4420 | Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with ... | Not Provided | 2026-04-07 | 2026-04-20 |
| CVE-2023-34845 | Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vul... | 5.4 - MEDIUM | 2023-06-16 | 2023-06-23 |
| CVE-2023-31698 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. | 5.4 - MEDIUM | 2023-05-17 | 2023-12-30 |
| CVE-2023-31572 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via... | 8.8 - HIGH | 2023-05-16 | 2023-05-23 |
| CVE-2023-24675 | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friend... | 4.8 - MEDIUM | 2023-09-01 | 2023-11-07 |
| CVE-2023-24674 | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parame... | 7.8 - HIGH | 2023-09-01 | 2023-11-07 |
| CVE-2022-1590 | A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /adm... | 5.4 - MEDIUM | 2022-05-05 | 2022-05-13 |
| CVE-2021-45745 | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | 5.4 - MEDIUM | 2022-01-06 | 2022-01-07 |
| CVE-2021-45744 | A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | 5.4 - MEDIUM | 2022-01-06 | 2022-01-07 |
| CVE-2021-35323 | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | 6.1 - MEDIUM | 2021-10-19 | 2021-11-30 |
| CVE-2021-25808 | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted... | 7.8 - HIGH | 2021-07-23 | 2021-08-02 |
| CVE-2020-23765 | A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an att... | 7.2 - HIGH | 2021-05-21 | 2021-05-27 |
| CVE-2020-20495 | bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. | 9.1 - CRITICAL | 2021-09-01 | 2021-09-08 |
| CVE-2020-20210 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-06-26 | 2023-07-05 |
| CVE-2020-19228 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.2 - HIGH | 2022-05-11 | 2022-05-18 |
| CVE-2020-18879 | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via ... | 9.8 - CRITICAL | 2021-08-20 | 2021-08-24 |
Known software with vulnerabilities from Bludit
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bludit | Bludit | 0.1 |