Filtered by vendor Yandaozi
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52159 | 1 Yandaozi | 1 Ppress | 2025-09-25 | N/A | 8.8 HIGH |
| Hardcoded credentials in default configuration of PPress 0.0.9. | |||||
| CVE-2025-54761 | 1 Yandaozi | 1 Ppress | 2025-09-25 | N/A | 8.0 HIGH |
| An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie. | |||||
| CVE-2025-54815 | 1 Yandaozi | 1 Ppress | 2025-09-25 | N/A | 8.8 HIGH |
| Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes. | |||||
| CVE-2025-25973 | 1 Yandaozi | 1 Ppress | 2025-09-23 | N/A | 6.5 MEDIUM |
| A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters. | |||||