Every CVE whose affected-product data names Mblog Project Mblog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-27280 — CVSS 7.8 (high): OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected.
CVE-2021-46028 — CVSS 4.3 (medium): In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF load. Once the…