
4 matches found

CVE
added 2025/05/11 11:31 p.m. | 89 views

CVE-2025-4552

ContiNew Admin up to 3.6.0 is affected by a vulnerability that allows unverified password changes via the /dev-api/system/user/1/password endpoint. Root cause: manipulation of an unauthenticated password change functionality. A remote attacker can exploit this, and the exploit has been disclosed ...

CVSS 8.1 | AI score 5.5 | EPSS 0.00433

CVE
added 2024/08/25 10:0 p.m. | 83 views

CVE-2024-8150

CVE-2024-8150 affects ContiNew Admin 3.2.0. The vulnerability is in top.continew.starter.extension.crud.controller.BaseController#page for /api/system/user?deptId=1&page=1&size=10, where improper handling of the sort parameter enables SQL injection. The issue may be exploitable remotely. Vendor r...

CVSS 5.8 | AI score 5.2 | EPSS 0.00529
Web

CVE
added 2025/05/11 11:0 p.m. | 74 views

CVE-2025-4551

CVE-2025-4551 affects ContiNew Admin up to version 3.6.0. The vulnerability lies in the /dev-api/common/file endpoint where manipulating the File argument enables cross-site scripting. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the issue but...

CVSS 5.4 | AI score 6 | EPSS 0.00294
Web

CVE
added 2026/03/08 4:32 p.m. | 9 views

CVE-2026-3750

CVE-2026-3750 affects ContiNew Admin up to 4.2.0; the vulnerability lies in the function URI.create in continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the Storage Management Module, enabling server-side request forgery. The issue can be exploited remotely (...

CVSS 7.2 | AI score 5.3 | EPSS 0.00353