Every CVE whose affected-product data names Zhyd Oneblog, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2025-60355 — CVSS 9.8 (critical): zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
CVE-2024-54954 — CVSS 8.0 (high): OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.
CVE-2025-56264 — CVSS 7.5 (high): The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.
CVE-2022-34012 — CVSS 6.5 (medium): Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater…
CVE-2024-29473 — CVSS 6.1 (medium): OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.
CVE-2024-29469 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2024-29470 — CVSS 6.1 (medium): OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.
CVE-2024-29471 — CVSS 5.4 (medium): OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.
CVE-2024-29474 — CVSS 5.4 (medium): OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.
CVE-2024-29472 — CVSS 5.4 (medium): OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.
CVE-2025-2833 — CVSS 5.3 (medium): A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the…
CVE-2025-2835 — CVSS 4.3 (medium): A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the…
CVE-2022-34011 — CVSS 4.3 (medium): OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls.
CVE-2022-34013 — CVSS 4.3 (medium): OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.