CVE-2025-60355

Critical CVSS: 9.8

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

Vendor

Product

CWE

Yayın Tarihi

2025-10-28 18:15:38

Güncelleme

2026-03-04 16:16:25

Source Identifier

cve@mitre.org

KEV Date Added

CWE-1336 Oneblog CRITICAL Zhyd 2025

https://github.com/line2222/vuln/issues/4

High

CVE-2025-56264

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.

Medium

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulner…

Medium

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknow…

High

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.