Vendor
Blesta
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25616 | 0.00 | — | 0.00 | Feb 3, 2026 | Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665. | |||
| CVE-2026-25615 | 0.00 | — | 0.00 | Feb 3, 2026 | Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668. | |||
| CVE-2026-25614 | 0.00 | — | 0.00 | Feb 3, 2026 | Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680. | |||
| CVE-2024-25859 | 0.00 | — | 0.00 | Feb 28, 2024 | A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. |
- CVE-2026-25616Feb 3, 2026risk 0.00cvss —epss 0.00
Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.
- CVE-2026-25615Feb 3, 2026risk 0.00cvss —epss 0.00
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.
- CVE-2026-25614Feb 3, 2026risk 0.00cvss —epss 0.00
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.
- CVE-2024-25859Feb 28, 2024risk 0.00cvss —epss 0.00
A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code.