Filtered by vendor Chillzhuang
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-36763 | 1 Chillzhuang | 1 Springblade | 2026-04-30 | 6.1 Medium | A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter. |
| CVE-2026-36765 | 1 Chillzhuang | 1 Springblade | 2026-04-30 | N/A | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. |
| CVE-2026-36764 | 1 Chillzhuang | 1 Springblade | 2026-04-30 | 5 Medium | A Server-Side Request Forgery (SSRF) in the /ureport/datasource/testConnection endpoint of SpringBlade v4.8.0 allows authenticated attackers to scan internal resources via a crafted GET request. |
| CVE-2025-70982 | 2 Bladex, Chillzhuang | 2 Springblade, Springblade | 2026-02-12 | 9.9 Critical | Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data. |