Skip to main content

Springblade

9 CVEs product

Monthly

CVE-2025-70982 CRITICAL POC Act Now

Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user data and escalate privileges. PoC available.

Spring Java Privilege Escalation Information Disclosure Authentication Bypass +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2025-70983 CRITICAL Act Now

SpringBlade v4.5.0 has an access control flaw in authRoutes allowing low-privileged users to escalate to admin through the authentication routing mechanism.

Spring Java Privilege Escalation Authentication Bypass Springblade
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2024-8023 MEDIUM POC This Month

A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-33332 HIGH POC This Week

An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47458 CRITICAL Act Now

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Springblade
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40788 MEDIUM POC This Month

SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Springblade
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-40787 Maven CRITICAL Act Now

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
9.8
EPSS
19.4%
CVE-2022-27360 CRITICAL POC Act Now

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-16165 CRITICAL POC Act Now

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
EPSS 0% CVSS 9.9
CRITICAL POC Act Now

Access control bypass in SpringBlade v4.5.0 importUser function allows low-privileged users to import sensitive user data and escalate privileges. PoC available.

Spring Java Privilege Escalation +3
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

SpringBlade v4.5.0 has an access control flaw in authRoutes allowing low-privileged users to escalate to admin through the authentication routing mechanism.

Spring Java Privilege Escalation +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Springblade
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Springblade
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL Act Now

In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Springblade
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springblade
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy