117 matches found
CVE-2025-70983
Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges...
SpringBlade security vulnerabilities
SpringBlade is a microservices development platform developed by China’s Blade Company. The SpringBlade v4.5.0 version contains a security vulnerability. This vulnerability stems from improper access control in the authRoutes function, which could allow low-privilege attackers to gain higher...
CVE-2023-40787
In SpringBlade V3.6.0, when executing a SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection...
CVE-2023-40788
SpringBlade =V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs...
EUVD-2020-8131
Malware in sbrugna...
EUVD-2023-2221
Malicious code in bioql PyPI...
EUVD-2023-45339
Malicious code in bioql PyPI...
EUVD-2024-31074
Malicious code in bioql PyPI...
EUVD-2024-48890
Malicious code in bioql PyPI...
CVE-2024-8023
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-33332
An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant...
CVE-2023-47458
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework...
CVE-2022-27360
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment...
CVE-2020-16165
The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters...
CVE-2024-8023
CVE-2024-8023 describes a critical SQL injection in chillzhuang SpringBlade 4.1.0. The vulnerability affects an unknown function of the endpoint /api/blade-system/menu/list?updatexml, with remote exploitation possible. Public exploitation is noted, and vendor contact occurred without response. Co...
CVE-2024-8023 chillzhuang SpringBlade list sql injection
A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
PT-2024-38755 · Chillzhuang · Springblade
Name of the Vulnerable Software and Affected Versions: chillzhuang SpringBlade version 4.1.0 Description: A critical vulnerability has been found in the software, affecting an unknown function of the file "/api/blade-system/menu/list?updatexml". The manipulation leads to sql injection, and it is...
SpringBlade SQL injection vulnerability
SpringBlade is a microservices development platform from Blade, a Chinese company. A SQL injection vulnerability exists in SpringBlade version 4.1.0; it originates from /api/blade-system/menu/list?updatexml...
Information leakage vulnerability exists in SpringBlade of Shanghai Bred Technology Co. (CNVD-2024-32513)
SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. SpringBlade has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...