cbcvebase.

Quequnlong Shiyi-Blog vulnerabilities

6 known vulnerabilities affecting quequnlong/shiyi-blog.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH1MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-5509P2CRITICALCVSS 9.8≤ 1.2.1v1.2.0+1 more2025-06-03
CVE-2025-5509 [CRITICAL] CWE-22 CVE-2025-5509: A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This aff A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contac
nvd
CVE-2025-5512P2CRITICALCVSS 9.8≤ 1.2.1v1.2.0+1 more2025-06-03
CVE-2025-5512 [CRITICAL] CWE-287 CVE-2025-5512: A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. A A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the pub
nvd
CVE-2025-5510P2CRITICALCVSS 9.8≤ 1.2.1v1.2.0+1 more2025-06-03
CVE-2025-5510 [CRITICAL] CWE-918 CVE-2025-5510: A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerab A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor
nvd
CVE-2025-12305P3CRITICALCVSS 9.8≤ 1.2.1v1.2.0+1 more2025-10-27
CVE-2025-12305 [CRITICAL] CWE-20 CVE-2025-12305: A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used.
nvd
CVE-2025-5511P3HIGHCVSS 7.5≤ 1.2.1v1.2.0+1 more2025-06-03
CVE-2025-5511 [HIGH] CWE-266 CVE-2025-5511: A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2 A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was con
nvd
CVE-2025-5513P4MEDIUMCVSS 5.4≤ 1.2.1v1.2.0+1 more2025-06-03
CVE-2025-5513 [MEDIUM] CWE-79 CVE-2025-5513: A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. A A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and
nvd
Quequnlong Shiyi-Blog vulnerabilities | cvebase