Every CVE whose affected-product data names Appleple A-blog Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2022-21142 — CVSS 9.8 (critical): Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to…
CVE-2024-23180 — CVSS 8.8 (high): Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to…
CVE-2024-23348 — CVSS 8.8 (high): Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to…
CVE-2025-36560 — CVSS 8.6 (high): Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote…
CVE-2024-23182 — CVSS 8.1 (high): Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to…
CVE-2025-31103 — CVSS 7.5 (high): Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the…
CVE-2024-31396 — CVSS 6.6 (medium): Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to…
CVE-2024-31394 — CVSS 6.5 (medium): Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to…
CVE-2022-23810 — CVSS 6.5 (medium): Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series…
CVE-2016-1178 — CVSS 6.5 (medium): The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify…
CVE-2024-27279 — CVSS 6.5 (medium): Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier…
CVE-2016-1179 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier…
CVE-2022-23916 — CVSS 6.1 (medium): Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to…
CVE-2019-6033 — CVSS 6.1 (medium): Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64…
CVE-2019-6034 — CVSS 6.1 (medium): a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be…
CVE-2024-31395 — CVSS 6.1 (medium): Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to…
CVE-2024-23181 — CVSS 6.1 (medium): Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to…
CVE-2022-24374 — CVSS 6.1 (medium): Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to…
CVE-2024-23782 — CVSS 5.4 (medium): Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to…
CVE-2024-23183 — CVSS 5.4 (medium): Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to…
CVE-2024-30419 — CVSS 5.4 (medium): Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to…
CVE-2025-32999 — CVSS 5.4 (medium): Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a…
CVE-2025-41429 — CVSS 4.8 (medium): a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated…
CVE-2024-25559 — CVSS 4.7 (medium): URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator…
CVE-2024-30420 — CVSS 4.4 (medium): Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series…
CVE-2025-27566 — CVSS 3.8 (low): Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with…