34 matches found
CVE-2022-35121
Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java...
EUVD-2023-41721
Malicious code in bioql PyPI...
EUVD-2021-29922
Malicious code in bioql PyPI...
EUVD-2024-21452
Malicious code in bioql PyPI...
EUVD-2022-32906
Malicious code in bioql PyPI...
EUVD-2023-23827
Malicious code in bioql PyPI...
CVE-2025-6533
A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulatio...
novel-plus 安全漏洞
novel-plus is a novel reading software by xxy individual developer. A security vulnerability exists in novel-plus 5.1.3 and earlier versions, which stems from the mishandling of the parameter sort/order in the user management module, which may lead to an SQL injection attack...
PT-2025-26657 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: xxyopen/201206030 novel-plus versions through 5.1.3 Description: A problematic issue exists due to improper control of resource identifiers. This issue affects the remove function within the...
novel-plus 安全漏洞
novel-plus is a novel reading software by xxy individual developer. A security vulnerability exists in novel-plus versions prior to 5.1.0, which stems from an unvalidated filePath parameter that could lead to a directory traversal attack...
CVE-2024-24025
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
CVE-2024-24024
An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload. An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download...
CVE-2024-24026
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg. An attacker can pass in specially crafted filename parameter to perform arbitrary File download...
CVE-2023-7171
A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulatio...
CVE-2025-4017
A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper...
CVE-2025-4019 20120630 Novel-Plus GeneratorController.java genCode missing authentication
A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing...
CVE-2025-4018 20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This issue affects the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The manipulation leads t...
CVE-2025-4018
Summary of CVE-2025-4018 (Novel-Plus) : A critical vulnerability affects Novel-Plus versions up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160, specifically the function addCrawlSource in novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. The root issue is a missing authent...
CVE-2025-4017
A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper...
CVE-2025-4017 20120630 Novel-Plus LogController.java list improper authorization
A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This vulnerability affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. The manipulation leads to improper...