Novel-plus Security Vulnerabilities and Issues — Novel-plus CVE List

Lucene search

XxyopenNovel-plus

5 matches found

CVE•added 2025/04/16 8:15 a.m.•55 views

CVE-2025-3676

A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the pu...

9.8CVSS6.8AI score0.0002EPSS

Web

CVE•added 2025/03/04 5:15 p.m.•52 views

CVE-2025-26182

An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file

6.5CVSS7.6AI score0.00139EPSS

CVE•added 2025/06/24 1:15 a.m.•11 views

CVE-2025-6534

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper con...

6.8CVSS7AI score0.00076EPSS

CVE•added 2025/06/20 4:15 p.m.•9 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter

9.8CVSS8.1AI score0.02879EPSS

CVE•added 2025/06/24 1:15 a.m.•8 views

CVE-2025-6535

A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the function list of the file novel-admin/src/main/resources/mybatis/system/UserMapper.xml of the component User Management Module. The manipulation of the argument sort...

8.8CVSS7.4AI score0.00037EPSS