
146 matches found

CNNVD
added 2026/04/30 12:0 a.m. | 4 views

SpringBlade code issue vulnerability

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a code vulnerability. This vulnerability stems from XML external entity injection in the /designer/loadReport endpoint, which may allow authenticated attackers to execute arbitrary...

CVSS 8.8 | AI score 6.2 | EPSS 0.00081
Exploits: 0 | References: 1

EUVD
added 2026/04/30 12:0 a.m. | 2 views

EUVD-2026-26399

A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...

CVSS 5 | AI score 5.2 | EPSS 0.00032
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/30 12:0 a.m. | 2 views

CVE-2026-36763

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

CVSS 6.1 | AI score 5.3 | EPSS 0.00034
Exploits: 0 | References: 4

CVE
added 2026/04/30 12:0 a.m. | 3 views

CVE-2026-36765

An XXE vulnerability affects SpringBlade v4.8.0 at the /designer/loadReport endpoint. The issue allows authenticated attackers to execute arbitrary code by injecting a crafted payload. The common details across sources identify the root cause as an XML external entity processing flaw, enabling co...

CVSS 8.8 | AI score 6 | EPSS 0.00081
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/17 2:15 p.m. | 2 views

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

CVSS 5.1 | AI score 3.9 | EPSS 0.00013
Exploits: 0 | References: 7 | Affected Software: 1

Positive Technologies
added 2026/03/27 12:0 a.m. | 3 views

PT-2026-28279

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

CVSS 7.1 | AI score 6.7 | EPSS 0.00194
Exploits: 1 | References: 3

Atlassian
added 2026/02/25 6:29 p.m. | 15 views

DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Crucible Data Center and Server

This High severity DoS (Denial of Service) vulnerability was introduced in versions 4.8.0, 4.9.0 of Crucible Data Center and Server. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, allows an unauthenticated attacker...

CVSS 7.5 | AI score 5.8 | EPSS 0.00105
Exploits: 0

CNNVD
added 2026/01/30 12:0 a.m. | 2 views

Port Forwarding Wizard security vulnerabilities

Port Forwarding Wizard is a port forwarding tool developed by an invalid account developer. Version 4.8.0 of Port Forwarding Wizard contains a security vulnerability, which stems from a buffer overflow in the Register function. This vulnerability could allow local attackers to execute arbitrary...

CVSS 8.4 | AI score 6.3 | EPSS 0.00025
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/09 9:30 a.m. | 8 views

CVE-2023-43649

baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...

CVSS 9.8 | AI score 6.5 | EPSS 0.00118
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:29 a.m. | 4 views

CVE-2023-50904

Missing Authorization vulnerability in Ays Pro Poll Maker poll-maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Poll Maker: from n/a through = 4.8.0...

CVSS 5.3 | AI score 7.3 | EPSS 0.00134
Exploits: 0 | References: 1

CNNVD
added 2025/11/26 12:0 a.m. | 4 views

Ruoyi security vulnerability

Ruoyi is a backend management system by Ruoyi Personal Developer. A security vulnerability exists in Ruoyi v4.8.0, which stems from a missing permission check in the resetPwd method of SysUserController.java...

CVSS 7.5 | AI score 6.5 | EPSS 0.00043
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/27 8:18 p.m. | 2 views

CVE-2025-62524 PILOS Exposes PHP version

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | AI score 6.2 | EPSS 0.00042
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-19345

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00389
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-17187

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00549
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-9074

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00734
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-2691

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.00543
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-19343

Malware in sbrugna...

CVSS 9.3 | AI score 8.7 | EPSS 0.00145
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-19344

Malware in sbrugna...

CVSS 9.3 | AI score 8.7 | EPSS 0.00133
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1463

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.5 | EPSS 0.00103
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2702

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 5.9 | EPSS 0.0055
Exploits: 0 | References: 6