CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

143 matches found

RedhatCVE•added 2025/10/29 12:11 a.m.•36 views

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

9.8CVSS5.9AI score0.00436EPSS

Exploits1References1

EUVD•added 2025/10/28 6:30 p.m.•4 views

EUVD-2025-36547

zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

6.4AI score0.00436EPSS

Exploits1References2

OSV•added 2025/10/28 6:15 p.m.•2 views

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

9.8CVSS5.8AI score0.00436EPSS

Exploits1References1

NVD•added 2025/10/28 6:15 p.m.•5 views

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

9.8CVSS0.00436EPSS

Exploits1References1

Cvelist•added 2025/10/28 12:0 a.m.•7 views

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

0.00436EPSS

Exploits1References1

CVE•added 2025/10/28 12:0 a.m.•6 views

CVE-2025-60355

CVE-2025-60355 affects the web application OneBlog prior to version 2.3.9. The vulnerability is a Server-Side Template Injection (SSTI) via FreeMarker templates, caused by unsafe processing of templates on the server. The CVE entries indicate a high-impact profile (CVSS 3.1: 9.8, CRITICAL) with n...

9.8CVSS5.9AI score0.00436EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2025/10/28 12:0 a.m.•3 views

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...

5.9AI score0.00436EPSS

Exploits1References1

Positive Technologies•added 2025/10/28 12:0 a.m.•4 views

PT-2025-44194

Name of the Vulnerable Software and Affected Versions zhangyd-c OneBlog versions prior to 2.3.9 Description The software is susceptible to Server-Side Template Injection SSTI through FreeMarker templates. SSTI allows an attacker to inject malicious code into the server, potentially leading to...

9.8CVSS7.1AI score0.00436EPSS

Exploits1References3

CNNVD•added 2025/10/28 12:0 a.m.•4 views

OneBlog 安全漏洞

OneBlog is a beautiful and powerful Java blog by yadong.zhang individual developer. A security vulnerability exists in OneBlog versions prior to 2.3.9, which stems from a server-side template injection in FreeMarker templates...

9.8CVSS7AI score0.00436EPSS

Exploits1References2