Vulnerabilities > Xxyopen > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-24015 | SQL Injection vulnerability in Xxyopen Novel-Plus A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. | 9.8 |
| 2024-01-26 | CVE-2024-0941 | Unspecified vulnerability in Xxyopen Novel-Plus 4.3.0 A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. | 9.8 |
| 2024-01-18 | CVE-2024-0655 | Unspecified vulnerability in Xxyopen Novel-Plus 4.3.0 A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. | 9.8 |
| 2023-11-05 | CVE-2023-46981 | SQL Injection vulnerability in Xxyopen Novel-Plus 4.2.0 SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | 9.8 |
| 2023-09-11 | CVE-2023-30058 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 novel-plus 3.6.2 is vulnerable to SQL Injection. | 9.8 |
| 2023-03-23 | CVE-2023-1606 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability was found in novel-plus 3.6.2 and classified as critical. | 9.8 |
| 2023-03-23 | CVE-2023-1594 | Unspecified vulnerability in Xxyopen Novel-Plus 3.6.2 A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. | 9.8 |
| 2022-09-01 | CVE-2022-36672 | Use of Hard-coded Credentials vulnerability in Xxyopen Novel-Plus 3.6.2 Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. | 9.8 |
| 2022-08-17 | CVE-2022-35121 | SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.1 Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. | 9.8 |
| 2022-05-13 | CVE-2021-42967 | Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files. | 9.8 |