Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
zhyd
114031.9%CRITICAL

Related CVEs

14
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-60355zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.CRITICAL9.837.0%Oct 28, 2025
CVE-2025-56264The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.HIGH7.529.4%Sep 16, 2025
CVE-2025-2835A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.MEDIUM5.324.1%Mar 27, 2025
CVE-2025-2833A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.MEDIUM6.947.4%Mar 27, 2025
CVE-2024-54954OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.HIGH8.033.2%Feb 10, 2025
CVE-2024-29474OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.MEDIUM5.431.8%Mar 20, 2024
CVE-2024-29473OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.MEDIUM6.128.6%Mar 20, 2024
CVE-2024-29472OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.MEDIUM5.429.8%Mar 20, 2024
CVE-2024-29471OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.MEDIUM5.430.5%Mar 20, 2024
CVE-2024-29470OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.MEDIUM6.129.3%Mar 20, 2024
CVE-2024-29469A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.MEDIUM6.129.3%Mar 20, 2024
CVE-2022-34013OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.MEDIUM4.3Jun 23, 2022
CVE-2022-34012Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.MEDIUM6.5Jun 23, 2022
CVE-2022-34011OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.MEDIUM4.3Jun 23, 2022