VYPR

Bolo Solo

by Adlered

Source repositories

CVEs (7)

  • CVE-2026-1813MedFeb 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted…

  • CVE-2026-1812MedFeb 3, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal.…

  • CVE-2026-1811MedFeb 3, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File can lead to path…

  • CVE-2026-1810MedFeb 3, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results…

  • CVE-2026-1691MedJan 30, 2026
    risk 0.41cvss 6.3epss 0.01

    A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched…

  • CVE-2026-4616LowMar 24, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in bolo-blog up to 2.6.4. The affected element is an unknown function of the file /console/article/ of the component Article Title Handler. Performing a manipulation of the argument articleTitle results in cross site scripting. It is possible…

  • CVE-2023-41009Sep 5, 2023
    risk 0.00cvss epss 0.02

    File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header.