VYPR

Shiyi Blog

by Quequnlong

CVEs (6)

  • CVE-2025-12305MedOct 27, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely.…

  • CVE-2025-5513Jun 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack…

  • CVE-2025-5512Jun 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible…

  • CVE-2025-5511Jun 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The…

  • CVE-2025-5510Jun 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely.…

  • CVE-2025-5509Jun 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The…