Aggregates CVE and security vulnerability intelligence across all yandaozi-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact session compromise, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-54815 | Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes. | [email protected] | 8.8 | 0.26% | 2025-09-19 | 2025-09-25 |
| CVE-2025-54761 | An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie. | [email protected] | 8.0 | 0.05% | 2025-09-19 | 2025-09-25 |
| CVE-2025-52159 | Hardcoded credentials in default configuration of PPress 0.0.9. | [email protected] | 8.8 | 0.05% | 2025-09-19 | 2025-09-25 |
| CVE-2025-25973 | A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters. | [email protected] | 6.5 | 0.34% | 2025-02-20 | 2025-09-23 |