GCVE - cpe:2.3:a:adlered:bolo-solo:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:adlered:bolo-solo:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Adlered (`d9855417-b4af-56df-ae7d-735e201a792e`)
Product	Bolo Solo (`18d63edb-521d-557e-9dd3-02bb64e85363`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:gitee/adlered/bolo-solo`	purl2cpe	2026-06-01 10:16:02.772395
`pkg:github/adlered/bolo-solo`	purl2cpe	2026-06-01 10:16:02.772399

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-1813`	vulnerable	2026-06-03 15:14:45.385242	bolo-blog bolo-solo FreeMarker Template PicUploadProcessor.java unrestricted upload MEDIUM (6.3) A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. Published: 2026-02-03T23:32:08.090Z Updated: 2026-02-23T09:16:12.459Z Open on db.gcve.eu Reference links https://vuldb.com/?id.343981 https://vuldb.com/?ctiid.343981 https://vuldb.com/?submit.743402 https://github.com/bolo-blog/bolo-solo/issues/329 https://github.com/bolo-blog/bolo-solo/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-1812`	vulnerable	2026-06-03 15:14:45.384743	bolo-blog bolo-solo Filename BackupService.java importFromCnblogs path traversal MEDIUM (6.3) A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. Published: 2026-02-03T22:32:08.158Z Updated: 2026-02-23T09:15:58.665Z Open on db.gcve.eu Reference links https://vuldb.com/?id.343980 https://vuldb.com/?ctiid.343980 https://vuldb.com/?submit.742582 https://github.com/bolo-blog/bolo-solo/issues/328 https://github.com/bolo-blog/bolo-solo/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-1811`	vulnerable	2026-06-03 15:14:45.384243	bolo-blog bolo-solo Filename BackupService.java importFromMarkdown path traversal MEDIUM (6.3) A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed from remote. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. Published: 2026-02-03T21:32:07.628Z Updated: 2026-02-23T09:15:44.878Z Open on db.gcve.eu Reference links https://vuldb.com/?id.343979 https://vuldb.com/?ctiid.343979 https://vuldb.com/?submit.742437 https://github.com/bolo-blog/bolo-solo/issues/327 https://github.com/bolo-blog/bolo-solo/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-1810`	vulnerable	2026-06-03 15:14:45.383681	bolo-blog bolo-solo ZIP File BackupService.java unpackFilteredZip path traversal MEDIUM (6.3) A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of the argument File results in path traversal. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. Published: 2026-02-03T20:32:07.343Z Updated: 2026-02-23T09:15:31.194Z Open on db.gcve.eu Reference links https://vuldb.com/?id.343978 https://vuldb.com/?ctiid.343978 https://vuldb.com/?submit.742422 https://github.com/bolo-blog/bolo-solo/issues/326 https://github.com/bolo-blog/bolo-solo/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-1691`	vulnerable	2026-06-03 15:14:45.122463	bolo-solo SnakeYAML BackupService.java importMarkdownsSync deserialization MEDIUM (6.3) A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2026-01-30T17:02:06.205Z Updated: 2026-02-23T09:10:21.991Z Open on db.gcve.eu Reference links https://vuldb.com/?id.343485 https://vuldb.com/?ctiid.343485 https://vuldb.com/?submit.741899 https://github.com/bolo-blog/bolo-solo/issues/325 https://github.com/bolo-blog/bolo-solo/issues/325#issue-3828755519	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.