zhangyd-c
Products
1-8 CVEs
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-34012 | zhangyd-c / OneBlog | Med | 0.42 | 6.5 | 0.01 | | Jun 23, 2022 | Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges. |
| CVE-2025-2833 | zhangyd-c / OneBlog | Med | 0.35 | 5.3 | 0.01 | | Mar 27, 2025 | A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is… |
| CVE-2021-46025 | zhangyd-c / OneBlog | Med | 0.35 | 5.4 | 0.01 | | Jan 19, 2022 | A Cross Site Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8 via the add function in the operation tab list in the background. |
| CVE-2025-2835 | zhangyd-c / OneBlog | Med | 0.28 | 4.3 | 0.00 | | Mar 27, 2025 | A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack… |
| CVE-2022-34013 | zhangyd-c / OneBlog | Med | 0.28 | 4.3 | 0.01 | | Jun 23, 2022 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. |
| CVE-2022-34011 | zhangyd-c / OneBlog | Med | 0.28 | 4.3 | 0.01 | | Jun 23, 2022 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. |
| CVE-2025-60355 | zhangyd-c / OneBlog | | 0.00 | — | 0.00 | | Oct 28, 2025 | zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. |
| CVE-2025-56264 | zhangyd-c / OneBlog | | 0.00 | — | 0.00 | | Sep 16, 2025 | The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. |