15 matches found
EUVD-2021-32731
Malicious code in bioql PyPI...
EUVD-2021-32787
Malicious code in bioql PyPI...
CVE-2024-29470
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component rootpath/links...
CVE-2024-29472
OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module...
CVE-2025-2833
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
CVE-2025-2835
The CVE-2025-2835 entry concerns zhangyd-c OneBlog up to version 2.3.9. The vulnerable item is the autoLink function in com/zyd/blog/controller/RestApiController.java, where manipulation can trigger server-side request forgery (SSRF). The issue allows remote exploitation, and public disclosures e...
CVE-2025-2833 zhangyd-c OneBlog HTTP Header redos
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch th...
CVE-2025-2833
The CVE-2025-2833 entry concerns zhangyd-c OneBlog (≤2.3.9) where the HTTP Header Handler’s handling of X-Forwarded-For allows an attack via inefficient regular-expression complexity (a ReDoS-like issue). A remote attacker could exploit this vulnerability; exploitation details are present in con...
OneBlog Lab Module Cross-Site Scripting Vulnerability
OneBlog is a Java blog. OneBlog v2.3.4 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Category List parameter under the Lab module; an attacker can exploit the vulnerability by injecting a...
OneBlog Cross-Site Scripting Vulnerability
OneBlog is a Java blog. A cross-site scripting vulnerability exists in OneBlog v2.3.4, which stems from the lack of effective filtering and escaping of user-supplied data in the component rootpath/links, and can be exploited by an attacker to execute arbitrary web script or HTML by injecting a...
OneBlog Security Vulnerability
OneBlog is a beautiful and powerful Java blog. A security vulnerability exists in OneBlog v2.3.4, which stems from a stored cross-site scripting (XSS) vulnerability in the Notice Manage module...
CVE-2022-34013
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
CVE-2021-46085
OneBlog = 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority...
CVE-2021-46085
OneBlog = 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority...