Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52159 | 1 Yandaozi | 1 Ppress | 2025-09-25 | N/A | 8.8 HIGH |
|
Hardcoded credentials in default configuration of PPress 0.0.9.
|
|||||
| CVE-2025-54761 | 1 Yandaozi | 1 Ppress | 2025-09-25 | N/A | 8.0 HIGH |
|
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
|
|||||
| CVE-2025-54815 | 1 Yandaozi | 1 Ppress | 2025-09-25 | N/A | 8.8 HIGH |
|
Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.
|
|||||
| CVE-2025-25973 | 1 Yandaozi | 1 Ppress | 2025-09-23 | N/A | 6.5 MEDIUM |
|
A stored Cross Site Scripting vulnerability in the "related recommendations" feature in Ppress v.0.0.9 allows a remote attacker to execute arbitrary code via a crafted script to the article.title, article.category, and article.tags parameters.
|
|||||