7703 matches found
CVE-2025-5510 quequnlong shiyi-blog optimize server-side request forgery
A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...
CVE-2025-5509
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...
CVE-2025-5509
A CVE entry for quequnlong shiyi-blog up to version 1.2.1 is described as a critical path traversal vulnerability in /api/file/upload caused by manipulation of the file/source argument. The issue is exploitable remotely and details have been publicly disclosed. Affected component is the upload en...
CVE-2025-5509 quequnlong shiyi-blog upload path traversal
A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...
shiyi-blog security vulnerability
shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. A security vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from an improper authorization issue...
shiyi-blog security vulnerability
shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. A security vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from a server-side request forgery due to incorrect manipulation of the parameter url...
shiyi-blog security vulnerability
shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. A security vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from path traversal due to incorrect operation of the file/source parameter...
PT-2025-23646 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A critical issue was found in the Administrator Backend component, specifically in the /api/sys/user/verifyPassword/ endpoint, affecting an unknown function. This leads to improper...
PT-2025-23645 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A critical issue has been found in quequnlong shiyi-blog, affecting some unknown processing of the file /dev api/app/album/photos/. This leads to improper authorization, and the attack m...
PT-2025-23643 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A critical issue was found in the unknown code of the file /app/sys/article/optimize. The manipulation of the url argument leads to server-side request forgery. The attack can be initiat...
PT-2025-23650 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A vulnerability has been found in quequnlong shiyi-blog, affecting an unknown functionality of the file "/dev-api/api/comment/add". The manipulation of the content argument leads to...
shiyi-blog code injection vulnerability
shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. A code injection vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter content...
shiyi-blog authorization issue vulnerability
shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. An authorization issue vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from improper authentication...
PT-2025-23639
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A critical issue has been discovered, affecting an unknown part of the file /api/file/upload. The manipulation of the file/source argument leads to path traversal. This issue can be...
Malicious code in @seo-frontend-components/blog-schema (npm)
Source: ossf-package-analysis 38bc78437090a04d89a5116ac7ad94f3821cfd50c08d81f48528c53e26b6da96 The OpenSSF Package Analysis project identified '@seo-frontend-components/blog-schema' @ 1.999.0 npm as malicious. It is considered malicious...
Malicious code in @seo-frontend-components/card-blog-carousel (npm)
Source: ossf-package-analysis 1cfcc9a2754a9e96e7bfd7f7c78281a5016b48feeaa8c61f782bcab5dbe4ae8e The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel' @ 1.999.0 npm as malicious. It is considered...
Malicious code in @seo-frontend-components/card-blog-entry (npm)
Source: ossf-package-analysis 12425fa8db62cc4b037b603cc3bd493ff000753ccaaa641ff23788b57484698d The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-entry' @ 1.999.0 npm as malicious. It is considered maliciou...
Malicious code in @seo-frontend-components/card-blog-carousel-mobile (npm)
Source: ossf-package-analysis 1eaa599a9c0235a5d52b5534f4177883c03e7ae19496ef98593fadfc3a7ccef8 The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel-mobile' @ 1.999.2 npm as malicious. It is considere...