Vendor Products CVEs KEV Avg EPSS Worst Severity 1 4 0 29.8% HIGH
CVE ID Description Severity CVSS KEV EPSS Published CVE-2026-25616 Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665. MEDIUM 6.1 — 30.2% Feb 3, 2026 CVE-2026-25615 Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668. HIGH 7.2 — 36.2% Feb 3, 2026 CVE-2026-25614 Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680. HIGH 7.5 — 30.6% Feb 3, 2026 CVE-2024-25859 A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code. HIGH 7.1 — 22.1% Feb 28, 2024