VYPR
Vendor: perfree

Products: 2
CVEs: 15
Across products: 15
Status: Private

Recent CVEs (15)

  • CVE-2023-30333 | Critical | May 18, 2023
    risk 0.64 | cvss 9.8 | epss 0.01

    An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2026-11437 | High | Jun 6, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The…

  • CVE-2026-6105 | High | Apr 11, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The…

  • CVE-2023-40825 | High | Aug 28, 2023
    risk 0.47 | cvss 7.2 | epss 0.01

    An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list.

  • CVE-2023-29643 | Medium | May 1, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.

  • CVE-2026-3963 | Low | Mar 11, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A security flaw has been discovered in perfree go-fastdfs-web up to 1.3.7. This affects the function rememberMeManager of the file src/main/java/com/perfree/config/ShiroConfig.java of the component Apache Shiro RememberMe. Performing a manipulation results in use of hard-coded…

  • CVE-2025-60319 | Oct 30, 2025
    risk 0.00 | cvss | epss 0.00

    PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

  • CVE-2025-60735 | Oct 24, 2025
    risk 0.00 | cvss | epss 0.00

    PerfreeBlog v4.0.11 has a file upload vulnerability in the installPlugin function.

  • CVE-2025-60730 | Oct 24, 2025
    risk 0.00 | cvss | epss 0.00

    PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function.

  • CVE-2025-60729 | Oct 24, 2025
    risk 0.00 | cvss | epss 0.00

    PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function.

  • CVE-2025-29420 | Aug 25, 2025
    risk 0.00 | cvss | epss 0.01

    PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

  • CVE-2025-29421 | Aug 25, 2025
    risk 0.00 | cvss | epss 0.00

    PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.

  • CVE-2025-5164 | May 26, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity…

  • CVE-2025-29280 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.00

    A stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface, which allows an attacker to insert and execute arbitrary malicious code.

  • CVE-2025-29281 | Apr 15, 2025
    risk 0.00 | cvss | epss 0.01

    In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.