s9y

Top products

The 15 most recently published vulnerabilities affecting s9y.

• CVE-2026-39971Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST7.2Apr 14, 2026
• CVE-2026-39963Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain6.9Apr 14, 2026
• CVE-2023-53933Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload8.8Dec 17, 2025
• CVE-2023-53932Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation5.4Dec 17, 2025
• CVE-2024-58282Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload7.2Dec 10, 2025
• CVE-2023-31576An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.8.8May 16, 2023
• CVE-2020-10964Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.9.8Mar 25, 2020
• CVE-2011-3610A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.6.1Jan 22, 2020
• CVE-2011-4090Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.6.1Nov 26, 2019
• CVE-2011-1135Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/Im...6.1Nov 5, 2019
• CVE-2011-1134Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager.9.8Nov 5, 2019
• CVE-2011-1133Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.6.1Nov 5, 2019
• CVE-2016-10752serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated...9.8May 24, 2019
• CVE-2019-11870Serendipity before 2.1.5 has XSS via EXIF data that is mishandled in the templates/2k11/admin/media_choose.tpl Editor Preview feature or the templates/2k11/admin/media_items.tpl Media Library feature.6.1May 9, 2019
• CVE-2016-10737Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.5.4Jan 16, 2019