Every CVE whose affected-product data names Bladex Springblade, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2025-70983 — CVSS 9.9 (critical): Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges.
CVE-2025-70982 — CVSS 9.9 (critical): Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import…
CVE-2023-40787 — CVSS 9.8 (critical): In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL…
CVE-2020-16165 — CVSS 9.8 (critical): The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Injection in an ORDER BY clause. This is related to the…
CVE-2023-47458 — CVSS 9.8 (critical): An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.
CVE-2022-27360 — CVSS 9.8 (critical): SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment.
CVE-2024-33332 — CVSS 7.5 (high): An issue discovered in SpringBlade 3.7.1 allows attackers to obtain sensitive information via crafted GET request to api/blade-system/tenant…
CVE-2024-8023 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in chillzhuang SpringBlade 4.1.0. Affected is an unknown function of the file…
CVE-2023-40788 — CVSS 5.3 (medium): SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in…