Known Vulnerabilities for products from S9y
Listed below are 20 of the newest known vulnerabilities associated with the vendor "S9y".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39971 json | Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/funct... | Not Provided | 2026-04-15 | 2026-04-23 |
| CVE-2026-39963 json | Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include... | Not Provided | 2026-04-15 | 2026-04-23 |
| CVE-2023-31576 json | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML... | 8.8 - HIGH | 2023-05-16 | 2023-05-23 |
| CVE-2020-10964 json | Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file ... | 9.8 - CRITICAL | 2020-03-25 | 2020-03-27 |
| CVE-2019-11870 json | Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview... | 6.1 - MEDIUM | 2019-05-09 | 2019-05-10 |
| CVE-2017-1000129 json | Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | Not Provided | 2017-11-17 | 2025-04-20 |
| CVE-2017-8102 json | Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new ent... | Not Provided | 2017-04-24 | 2025-04-20 |
| CVE-2017-8101 json | There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. | Not Provided | 2017-04-24 | 2025-04-20 |
| CVE-2017-5609 json | SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to ex... | 8.8 - HIGH | 2017-01-28 | 2019-03-19 |
| CVE-2017-5476 json | Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin. | 8.8 - HIGH | 2017-01-14 | 2017-01-25 |
| CVE-2017-5475 json | comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments. | 8.8 - HIGH | 2017-01-14 | 2017-01-25 |
| CVE-2017-5474 json | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrar... | 6.1 - MEDIUM | 2017-01-14 | 2017-01-25 |
| CVE-2016-10752 json | serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because ... | 9.8 - CRITICAL | 2019-05-24 | 2019-05-29 |
| CVE-2016-10737 json | Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter. | 5.4 - MEDIUM | 2019-01-16 | 2019-01-23 |
| CVE-2016-10082 json | include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Executio... | Not Provided | 2016-12-30 | 2026-05-06 |
| CVE-2016-9752 json | In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a... | Not Provided | 2016-12-01 | 2026-05-06 |
| CVE-2016-9681 json | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject ar... | Not Provided | 2016-12-25 | 2026-05-06 |
| CVE-2015-8603 json | Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script o... | Not Provided | 2016-01-12 | 2026-05-06 |
| CVE-2015-6969 json | Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attack... | Not Provided | 2015-09-16 | 2026-05-06 |
| CVE-2015-6968 json | Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in... | Not Provided | 2015-09-16 | 2026-05-06 |
Known software with vulnerabilities from S9y
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | S9y | Serendipity | 0.3 |
| Application | S9y | Serendipity Event Freetag | 2.103 |