Search Results (2 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-51937 1 Zhangyd-c 1 Oneblog 2026-07-08 7.5 High
An issue in Oneblog V2.3.9 allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java component
CVE-2025-60355 2 Zhangyd-c, Zhyd 2 Oneblog, Oneblog 2026-03-04 9.8 Critical
zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.