147 matches found
EUVD-2026-42158
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...
CVE-2026-51937
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...
CVE-2026-51937
OneBlog v2.3.9 is affected by a remote information-disclosure issue in RestApiController.java, JsApiTicketComponent.java, and GetAccessTokenComponent.java. The CVE-2026-51937 entry cites a high-severity (CVSS 3.1: 7.5) vulnerability with network access and low attack complexity, exposing sensitiv...
CVE-2026-51937
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component...
CVE-2025-60355
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
EUVD-2025-36547
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
CVE-2025-60355
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
CVE-2025-60355
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
OneBlog 安全漏洞
OneBlog is a beautiful and powerful Java blog by yadong.zhang individual developer. A security vulnerability exists in OneBlog versions prior to 2.3.9, which stems from a server-side template injection in FreeMarker templates...
CVE-2025-60355
CVE-2025-60355 affects the web application OneBlog prior to version 2.3.9. The vulnerability is a Server-Side Template Injection (SSTI) via FreeMarker templates, caused by unsafe processing of templates on the server. The CVE entries indicate a high-impact profile (CVSS 3.1: 9.8, CRITICAL) with n...
CVE-2025-60355
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
PT-2025-44194
Name of the Vulnerable Software and Affected Versions zhangyd-c OneBlog versions prior to 2.3.9 Description The software is susceptible to Server-Side Template Injection SSTI through FreeMarker templates. SSTI allows an attacker to inject malicious code into the server, potentially leading to...
CVE-2025-60355
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
CVE-2025-60355
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI Server-Side Template Injection via FreeMarker templates...
EUVD-2021-32787
Malicious code in bioql PyPI...
EUVD-2021-32731
Malicious code in bioql PyPI...
EUVD-2024-52716
Malicious code in bioql PyPI...
EUVD-2025-8271
Malicious code in bioql PyPI...
EUVD-2024-26478
Malicious code in bioql PyPI...
EUVD-2022-37044
Malicious code in bioql PyPI...