VYPR

Blesta

by Blesta

CVEs (4)

  • CVE-2026-25616Feb 3, 2026
    risk 0.00cvss epss 0.00

    Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.

  • CVE-2026-25615Feb 3, 2026
    risk 0.00cvss epss 0.00

    Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.

  • CVE-2026-25614Feb 3, 2026
    risk 0.00cvss epss 0.00

    Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.

  • CVE-2024-25859Feb 28, 2024
    risk 0.00cvss epss 0.00

    A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code.