Every CVE whose affected-product data names Perfree Perfreeblog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2023-27757 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary…
CVE-2023-30333 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute…
CVE-2025-29281 — CVSS 8.8 (high): In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload…
CVE-2025-29420 — CVSS 7.5 (high): PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
CVE-2025-29421 — CVSS 7.5 (high): PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.
CVE-2023-40825 — CVSS 7.2 (high): An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in…
CVE-2025-60319 — CVSS 6.5 (medium): PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint…
CVE-2023-29643 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.
CVE-2025-29280 — CVSS 4.8 (medium): Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface…
CVE-2025-5164 — CVSS 3.7 (low): A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the…