Oneblog | Follow the latest news from the world of technology and security-related developments.

Category: Oneblog - CVE list
PRODUCT 5 records
Critical CVSS: 9.8

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
High CVSS: 7.5

CVE-2025-56264

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.
Medium CVSS: 5.3

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to s…
Medium CVSS: 6.9

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient r…
High CVSS: 8.0

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.