VYPR
Vendor

SpringBlade

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2023-47458CriJan 2, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.

  • CVE-2022-27360CriMay 5, 2022
    risk 0.64cvss 9.8epss 0.02

    SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.

  • CVE-2020-16165CriJul 30, 2020
    risk 0.64cvss 9.8epss 0.01

    The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.

  • CVE-2024-33332HigApr 30, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.

  • CVE-2025-2322HigMar 15, 2025
    risk 0.48cvss 7.3epss 0.01

    A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded…

  • CVE-2023-40788MedSep 19, 2023
    risk 0.34cvss 5.3epss 0.01

    SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs