zhyd oneblog CVE Vulnerabilities (14)

CVEs: 14 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting zhyd oneblog (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 114 of 14 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-60355 zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. [email protected] 9.8 0.47% 2025-10-28 2026-06-17
CVE-2025-56264 The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. [email protected] 7.5 0.38% 2025-09-16 2026-06-17
CVE-2025-2835 A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. [email protected] 5.3 0.28% 2025-03-27 2026-06-17
CVE-2025-2833 A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. [email protected] 6.9 0.67% 2025-03-27 2026-06-17
CVE-2024-54954 OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. [email protected] 8.0 0.40% 2025-02-10 2026-06-17
CVE-2024-29474 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module. [email protected] 5.4 0.40% 2024-03-20 2026-06-17
CVE-2024-29473 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. [email protected] 6.1 0.40% 2024-03-20 2026-06-17
CVE-2024-29472 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module. [email protected] 5.4 0.38% 2024-03-20 2026-06-17
CVE-2024-29471 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module. [email protected] 5.4 0.39% 2024-03-20 2026-06-17
CVE-2024-29470 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. [email protected] 6.1 0.38% 2024-03-20 2026-06-17
CVE-2024-29469 A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module. [email protected] 6.1 0.38% 2024-03-20 2026-06-17
CVE-2022-34013 OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. [email protected] 4.3 0.47% 2022-06-23 2026-06-17
CVE-2022-34012 Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. [email protected] 6.5 0.49% 2022-06-23 2026-06-17
CVE-2022-34011 OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. [email protected] 4.3 0.47% 2022-06-23 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence