Browse all 4 CVE security advisories affecting s9y. AI-powered Chinese analysis, POCs, and references for each vulnerability.
s9y (Serendipity) is a PHP-based blogging platform focused on content management and publishing. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. The platform's four recorded CVEs highlight these recurring security challenges, particularly in input validation and access control. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks for unpatched installations. Users are advised to maintain current versions and implement security hardening measures to mitigate exposure to these well-documented weaknesses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39971 | Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST — Serendipity (CWE-113) | 7.2 | High | 2026-04-14 |
| CVE-2026-39963 | Serendipity: Host Header Injection enables authentication cookie scoping to an attacker-controlled domain — Serendipity (CWE-565) | 6.9 | Medium | 2026-04-14 |
| CVE-2023-53933 | Serendipity 2.4.0 Authenticated Remote Code Execution via File Upload — Serendipity (CWE-434) | 8.8 | High | 2025-12-17 |
| CVE-2023-53932 | Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation — Serendipity (CWE-79) | 5.4 | Medium | 2025-12-17 |
This page lists every published CVE security advisory associated with s9y. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.