PatchSiren

OneBlog CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review OneBlog CVE published 2026-07-07

CVE-2026-51937

A sensitive information disclosure vulnerability exists in Oneblog V2.3.9. The issue allows a remote attacker to obtain sensitive information via the RestApiController.java, JsApiTicketComponent.java, and the GetAccessTokenComponent.java components. This vulnerability has a high impact on confidentiality and can be exploited without authentication. Users of Oneblog V2.3.9 should be aware of this vulnerabi [truncated]