EUVD-2025-36333

A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has be...

EUVD-2025-16753

Malicious code in bioql PyPI...

EUVD-2025-16765

Malicious code in bioql PyPI...

EUVD-2025-16772

Malicious code in bioql PyPI...

EUVD-2025-16773

Malicious code in bioql PyPI...

CVE-2025-5513

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5511

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-5510

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5509

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclos...

CVE-2025-5513

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5513 quequnlong shiyi-blog add cross site scripting

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5513

CVE-2025-5513 affects quequnlong shiyi-blog up to version 1.2.1. The vulnerability concerns an unknown function at /dev-api/api/comment/add where manipulating the content argument enables cross-site scripting. Attacks can be launched remotely, and the exploit has been disclosed publicly; vendor r...

CVE-2025-5513 quequnlong shiyi-blog add cross site scripting

A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...

CVE-2025-5511

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...

CVE-2025-5510

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5510

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has be...

CVE-2025-5512 quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the atta...

CVE-2025-5512

Summary (CVE-2025-5512) : quequnlong shiyi-blog, up to version 1.2.1, has an improper authentication flaw in the Administrator Backend at /api/sys/user/verifyPassword/. The vulnerability affects the Administrator Backend component and can be exploited remotely; multiple sources (NVD/NVD mirror, R...

CVE-2025-5512 quequnlong shiyi-blog Administrator Backend verifyPassword improper authentication

A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the atta...

CVE-2025-5511 quequnlong shiyi-blog photos improper authorization

A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been...