Bladex

bladex

9 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-70982 1Bladex 1Springblade Feb 12, 2026 Jan 26, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.
CVE-2025-70983 1Bladex 1Springblade Feb 11, 2026 Jan 23, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
CVE-2024-8023 1Bladex 1Springblade Jun 4, 2025 Aug 21, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is po...Show more A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file /api/blade-system/menu/list?updatexml. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-33332 1Bladex 1Springblade Jun 3, 2025 Apr 30, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant.
CVE-2023-47458 1Bladex 1Springblade Apr 17, 2025 Jan 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
CVE-2023-40788 1Bladex 1Springblade Nov 21, 2024 Sep 19, 2023 N/A· v4 5.3 MEDIUM· v3 N/A· v2 SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs
CVE-2023-40787 1Bladex 1Springblade Nov 21, 2024 Aug 29, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.
CVE-2022-27360 1Bladex 1Springblade Nov 21, 2024 May 5, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVE-2020-16165 1Bladex 1Springblade Jun 3, 2025 Jul 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the /api/blade-log/api/list ascs and desc parameters.