Echo0D

#9010of 53,625
30.3Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2025-38071
7.5
2025-09-16
Zhangyd C · Oneblog · CVE-2025-56264
**Name of the Vulnerable Software and Affected Versions** zhangyd-c OneBlog version 2.3.9 **Description** The `/api/comment` endpoint in zhangyd-c OneBlog is susceptible to a denial-of-service issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-38078
8.8
2025-09-16
Unknown · By-Night Sms · CVE-2025-56263
**Name of the Vulnerable Software and Affected Versions** by-night sms version 1.0 **Description** The /api/sms/upload/headImg `endpoint` allows the upload of arbitrary files. Users can upload files of any size and type. **Recommendations** As a temporary workaround, consider restricting access to the `/api/sms/upload/headImg` endpoint until a fix is available.
PT-2025-33839
6.5
2025-08-19
Unknown · Thrivex-Blog · CVE-2025-9151
Name of the Vulnerable Software and Affected Versions: LiuYuYang01 ThriveX-Blog versions through 3.1.7 Description: A security flaw exists in the `updateJsonValueByName` function within the `/web config/json/name/web` file. This flaw results in improper authorization and allows for remote attacks. The exploit for this issue has been publicly released. The vendor was notified of this disclosure but did not respond. Recommendations: Update to a version beyond 3.1.7. As a temporary workaround, consider restricting access to the `/web config/json/name/web` file. Disable or restrict the use of the `updateJsonValueByName` function until a patch is available.
PT-2025-6706
7.5
2025-02-12
Unknown · Yeqifu Carrental · CVE-2024-51376
**Name of the Vulnerable Software and Affected Versions** yeqifu carRental version 1.0 **Description** The issue allows a remote attacker to obtain sensitive information via the "file/downloadFile.action?path=" component. This is a Directory Traversal vulnerability, which can be exploited to access confidential data. **Recommendations** For yeqifu carRental version 1.0, as a temporary workaround, consider restricting access to the "file/downloadFile.action?path=" component until a patch is available. Avoid using the `path` variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.