9 matches found
EUVD-2026-26398
A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...
CVE-2026-36764
A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request...
EUVD-2026-26400
An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload...
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...
EUVD-2023-45339
Malicious code in bioql PyPI...
EUVD-2024-31074
Malicious code in bioql PyPI...
PT-2024-25208 · Unknown · Springblade
Name of the Vulnerable Software and Affected Versions: SpringBlade version 3.7.1 Description: An issue in SpringBlade allows attackers to obtain sensitive information via a crafted GET request to the "api/blade-system/tenant" endpoint. The api/blade-system/tenant endpoint is vulnerable to this...
SpringBlade Security Vulnerability
Bred Network Technology SpringBlade is a suite of microservice development platforms from China's Bred Network Technology. A security vulnerability exists in SpringBlade V3.6.0 and earlier versions, which stems from an incorrect configuration in the default gateway that allows unauthorized...
SpringBlade Secure Mode Bypass Vulnerability
SpringBlade is a microservices architecture upgraded and optimized from a commercial-grade project. SpringBlade suffers from a security model bypass vulnerability that stems from exposing a signing key, which can be exploited by an attacker to conduct a SQL injection attack by forging a JWT,...