Vendor
Chillzhuang
Products
1
CVEs
5
Across products
5
Status
Private
Products
1- 5 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-36765 | Hig | 0.57 | 8.8 | 0.00 | Apr 30, 2026 | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | |
| CVE-2026-36764 | Med | 0.33 | 5.0 | 0.00 | Apr 30, 2026 | A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request. | |
| CVE-2025-70982 | 0.00 | — | 0.00 | Jan 26, 2026 | Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data. | ||
| CVE-2025-70983 | 0.00 | — | 0.00 | Jan 23, 2026 | Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. | ||
| CVE-2024-8023 | 0.00 | — | 0.00 | Aug 20, 2024 | A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |