Every CVE whose affected-product data names Xxyopen Novel-plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2021-41921 — CVSS 9.8 (critical): novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code…
CVE-2021-42967 — CVSS 9.8 (critical): Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows…
CVE-2022-24568 — CVSS 9.8 (critical): Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.
CVE-2022-35121 — CVSS 9.8 (critical): Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
CVE-2022-36672 — CVSS 9.8 (critical): Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to…
CVE-2023-46981 — CVSS 9.8 (critical): SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort…
CVE-2024-24013 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort…
CVE-2024-24014 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort…
CVE-2024-24015 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort…
CVE-2024-24017 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort…
CVE-2024-24018 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort…
CVE-2024-24019 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort…
CVE-2024-24021 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort…
CVE-2024-24023 — CVSS 9.8 (critical): A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort…
CVE-2024-24024 — CVSS 9.8 (critical): An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController…
CVE-2024-24025 — CVSS 9.8 (critical): An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload()…
CVE-2024-24026 — CVSS 9.8 (critical): An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController…
CVE-2024-25274 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code…
CVE-2025-45890 — CVSS 9.8 (critical): Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter
CVE-2024-33383 — CVSS 7.5 (high): Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to obtain sensitive information via a crafted GET…
CVE-2022-36671 — CVSS 7.5 (high): Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
CVE-2023-1594 — CVSS 7.3 (high): A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file…
CVE-2025-4019 — CVSS 7.3 (high): A vulnerability, which was classified as critical, was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160…
CVE-2023-41443 — CVSS 7.2 (high): SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort…
CVE-2025-26182 — CVSS 6.5 (medium): An issue in xxyopen novel plus v.4.4.0 and before allows a remote attacker to execute arbitrary code via the PageController.java file
CVE-2023-2039 — CVSS 6.3 (medium): A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file…
CVE-2025-6535 — CVSS 6.3 (medium): A vulnerability has been found in xxyopen/201206030 novel-plus up to 5.1.3 and classified as critical. This vulnerability affects the…
CVE-2025-3676 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in xxyopen Novel-Plus 3.5.0. This affects an unknown part of the file…
CVE-2025-3856 — CVSS 6.3 (medium): A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the…
CVE-2025-3369 — CVSS 6.3 (medium): A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rated as critical. Affected by this issue is some unknown functionality…
CVE-2023-1606 — CVSS 6.3 (medium): A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file…
CVE-2023-2041 — CVSS 6.3 (medium): A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality of the…
CVE-2023-2040 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file…
CVE-2025-6533 — CVSS 5.6 (medium): A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is…
CVE-2024-0941 — CVSS 5.5 (medium): A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file…
CVE-2024-0655 — CVSS 5.5 (medium): A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown…
CVE-2025-4016 — CVSS 5.4 (medium): A vulnerability classified as critical has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This affects…
CVE-2025-60299 — CVSS 5.4 (medium): Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint…
CVE-2025-60298 — CVSS 5.4 (medium): Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName…
CVE-2025-4015 — CVSS 5.3 (medium): A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. Affected by…
CVE-2025-4018 — CVSS 5.3 (medium): A vulnerability, which was classified as critical, has been found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160…
CVE-2023-1607 — CVSS 4.7 (medium): A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file…
CVE-2023-1595 — CVSS 4.7 (medium): A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality…
CVE-2025-4017 — CVSS 4.3 (medium): A vulnerability classified as problematic was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This…
CVE-2025-6534 — CVSS 4.2 (medium): A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function…
CVE-2023-7166 — CVSS 3.5 (low): A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file…
CVE-2023-7171 — CVSS 2.4 (low): A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown…