CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

SpringBlade 代码问题漏洞

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from a server-side request forgeing issue in the /ureport/datasource/testConnection endpoint. It may allow authenticated attackers to...

EUVD-2026-26399

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

CVE-2026-36764

A Server-Side Request Forgery SSRF in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

EUVD-2021-1996

Malware in sbrugna...

EUVD-2021-1998

Malware in sbrugna...

EUVD-2020-13902

Malware in sbrugna...

EUVD-2023-0640

Malicious code in bioql PyPI...

EUVD-2023-0697

Malicious code in bioql PyPI...

EUVD-2023-2941

Malicious code in bioql PyPI...

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path...

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted...

CVE-2023-24187

An XML External Entity XXE vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile...

CVE-2020-21125

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code...

CVE-2020-21124

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page...

CVE-2020-21122

UReport v2.2.9 contains a Server-Side Request Forgery SSRF in the designer page which allows attackers to detect intranet device ports...

PT-2024-22369 · Unknown · Lakernote Easyadmin

Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240315 Description: A vulnerability was found in lakernote EasyAdmin, affecting unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be...

UReport2 Security Vulnerability

UReport2 is a high-performance pure Java reporting engine based on Spring architecture . A security vulnerability exists in UReport2 2.2.9 and earlier versions, which stems from an arbitrary file write vulnerability in the saveReportFile method. An attacker can use this vulnerability through a...