Product
bladex springblade
9 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-70982 (all versions): Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitraril
CVE-2025-70983 (all versions): Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate p
CVE-2024-8023 (<= 4.1.0): A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the fil
CVE-2024-33332 (all versions): An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-sys
CVE-2023-47458 (<= 3.7.0): An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control fra
CVE-2023-40788 (<= 3.6.0): SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in
CVE-2023-40787 (all versions): In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which lea
CVE-2022-27360 (all versions): SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVE-2020-16165 (<= 2.7.1): The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/bl