CVE-2025-56264

High CVSS: 7.5

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.

Vendor

Product

CWE

Yayın Tarihi

2025-09-16 20:15:36

Güncelleme

2025-09-23 16:44:37

Source Identifier

cve@mitre.org

KEV Date Added

CWE-400 Oneblog HIGH Zhyd 2025

https://github.com/echo0d/vulnerability/blob/main/zhangyd-c_OneBlog/DoS.md https://github.com/echo0d/vulnerability/blob/main/zhangyd-c_OneBlog/DoS.md

Critical

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Medium

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulner…

Medium

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknow…

High

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.