VYPR

Springblade

by Chillzhuang

CVEs (10)

  • CVE-2026-36765 | High | Apr 30, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload.

  • CVE-2026-36764 | Medium | Apr 30, 2026
    risk 0.33 | cvss 5.0 | epss 0.00

    A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request.

  • CVE-2025-70982 | Jan 26, 2026
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.

  • CVE-2025-70983 | Jan 23, 2026
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.

  • CVE-2024-8023 | Aug 20, 2024
    risk 0.00 | cvss | epss 0.01

    A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2024-33332 | Apr 30, 2024
    risk 0.00 | cvss | epss 0.01

    An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via a crafted GET request to api/blade-system/tenant.

  • CVE-2023-47458 | Jan 2, 2024
    risk 0.00 | cvss | epss 0.01

    An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

  • CVE-2023-40788 | Sep 18, 2023
    risk 0.00 | cvss | epss 0.01

    SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway, resulting in unauthorized access to error logs.

  • CVE-2022-27360 | May 5, 2022
    risk 0.00 | cvss | epss 0.02

    SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.

  • CVE-2020-16165 | Jul 30, 2020
    risk 0.00 | cvss | epss 0.01

    The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.