Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Xxyopen
Novel Plus

xxyopen novel-plus Vulnerabilities: CVEs, CISA KEV & Security Advisories

50 CVEs

xxyopen novel-plus Vulnerabilities

CVE security advisories and vulnerability history for novel-plus by xxyopen.

50

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

29

Public exploits

With known exploit

7.1

Avg CVSS

2022–2025

Last updated October 8, 2025

Overview

xxyopen novel-plus has 50 published CVE records since 2022, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 29 have a known public exploit. The average CVSS base score across scored CVEs is 7.1.

This page aggregates every publicly disclosed vulnerability (CVE) affecting xxyopen novel-plus, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of xxyopen novel-plus's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical12

High4

Medium21

Low2

11 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of xxyopen novel-plus's CVEs are currently listed in CISA's KEV catalog.

Public exploits

29

29 of xxyopen novel-plus's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every xxyopen novel-plus version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

5.1.03 CVEs
5.1.13 CVEs
5.1.23 CVEs
5.1.33 CVEs

Fixed in

5.1.14 CVEs
> 4.2.01 CVE
> 4.3.0-rc11 CVE
5.1.01 CVE

Find a version

50 CVEs

Sort

Medium vulnerability · 2025-10-08
CVE-2025-60299
Public exploit
CWE-79
Medium · CVSS 5.4
EPSS 0.0% (8th pct)2025-10-08
Medium vulnerability · 2025-10-08
CVE-2025-60298
Public exploit
CWE-79
Medium · CVSS 5.4
EPSS 0.0% (8th pct)2025-10-08
xxyopen/201206030 novel-plus User Management Module UserMapper.xml list sql injection
CVE-2025-6535
Public exploit
CWE-89
Medium · CVSS 6.3
EPSS 0.2% (40th pct)2025-06-24
xxyopen/201206030 novel-plus File FileController.java remove resource injection
CVE-2025-6534
Public exploit
CWE-99
Medium · CVSS 4.2
EPSS 0.5% (65th pct)2025-06-24
xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay
CVE-2025-6533
Public exploit
CWE-294
Medium · CVSS 6.3
EPSS 0.4% (60th pct)2025-06-24
Critical vulnerability · 2025-06-20
CVE-2025-45890
Public exploit
Patch
CWE-22
Critical · CVSS 9.8
EPSS 6.2% (91th pct)2025-06-20
20120630 Novel-Plus GeneratorController.java genCode missing authentication
CVE-2025-4019
Public exploit
Patch
CWE-306
High · CVSS 7.3
EPSS 0.4% (62th pct)2025-04-28
20120630 Novel-Plus CrawlController.java addCrawlSource missing authentication
CVE-2025-4018
Public exploit
Patch
CWE-306
Medium · CVSS 6.9
EPSS 0.2% (44th pct)2025-04-28
20120630 Novel-Plus LogController.java list improper authorization
CVE-2025-4017
Public exploit
CWE-285
Medium · CVSS 5.3
EPSS 0.2% (37th pct)2025-04-28
20120630 Novel-Plus LogController.java deleteIndex improper authorization
CVE-2025-4016
Public exploit
Patch
CWE-285
Medium · CVSS 5.4
EPSS 0.5% (64th pct)2025-04-28
20120630 Novel-Plus SessionController.java list missing authentication
CVE-2025-4015
Public exploit
Patch
CWE-306
Medium · CVSS 6.9
EPSS 0.2% (45th pct)2025-04-28
xxyopen Novel-Plus searchByPage sql injection
CVE-2025-3856
Public exploit
CWE-89
Medium · CVSS 6.3
EPSS 0.2% (40th pct)2025-04-22
xxyopen Novel-Plus books sql injection
CVE-2025-3676
Public exploit
CWE-89
Medium · CVSS 6.3
EPSS 0.2% (39th pct)2025-04-16
xxyopen Novel-Plus list sql injection
CVE-2025-3369
Public exploit
CWE-89
Medium · CVSS 6.3
EPSS 0.1% (33th pct)2025-04-07
Medium vulnerability · 2025-03-04
CVE-2025-26182CWE-94
Medium · CVSS 6.5
EPSS 0.8% (74th pct)2025-03-04
High vulnerability · 2024-04-30
CVE-2024-33383
Public exploit
Patch
CWE-639
High · CVSS 7.5
EPSS 0.3% (50th pct)2024-04-30
Critical vulnerability · 2024-02-20
CVE-2024-25274CWE-434
Critical · CVSS 9.8
EPSS 0.2% (48th pct)2024-02-20
Critical vulnerability · 2024-02-08
CVE-2024-24026CWE-434
Critical · CVSS 9.8
EPSS 0.1% (27th pct)2024-02-08
Critical vulnerability · 2024-02-08
CVE-2024-24025CWE-434
Critical · CVSS 9.8
EPSS 0.1% (28th pct)2024-02-08
Critical vulnerability · 2024-02-08
CVE-2024-24024
Patch
CWE-434
Critical · CVSS 9.8
EPSS 0.1% (28th pct)2024-02-08
Critical vulnerability · 2024-02-08
CVE-2024-24023
Patch
CWE-89
Critical · CVSS 9.8
EPSS 0.1% (21th pct)2024-02-08
Critical vulnerability · 2024-02-08
CVE-2024-24021CWE-89
Critical · CVSS 9.8
EPSS 0.1% (25th pct)2024-02-08
Critical vulnerability · 2024-02-08
CVE-2024-24018CWE-89
Critical · CVSS 9.8
EPSS 0.1% (23th pct)2024-02-08
High vulnerability · 2024-02-08
CVE-2024-24017
Patch
CWE-89
High · CVSS 7.5
EPSS 0.1% (20th pct)2024-02-08
Critical vulnerability · 2024-02-08
CVE-2024-24014CWE-89
Critical · CVSS 9.8
EPSS 0.1% (26th pct)2024-02-08
Critical vulnerability · 2024-02-07
CVE-2024-24019CWE-89
Critical · CVSS 9.8
EPSS 0.1% (22th pct)2024-02-07
Critical vulnerability · 2024-02-06
CVE-2024-24015CWE-89
Critical · CVSS 9.8
EPSS 0.1% (21th pct)2024-02-06
Critical vulnerability · 2024-02-06
CVE-2024-24013CWE-89
Critical · CVSS 9.8
EPSS 0.1% (25th pct)2024-02-06
Novel-Plus list sql injection
CVE-2024-0941
Public exploit
CWE-89
Medium · CVSS 5.5
EPSS 0.1% (17th pct)2024-01-26
Novel-Plus list sql injection
CVE-2024-0655
Public exploit
CWE-89
Medium · CVSS 5.5
EPSS 0.1% (17th pct)2024-01-18

Showing 30 of 50

Common weakness types

The CWE weakness categories most often found in xxyopen novel-plus CVEs. Follow any weakness for its full explanation.

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')21 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')4 CVEs
CWE-434Unrestricted Upload of File with Dangerous Type4 CVEs
CWE-306Missing Authentication for Critical Function3 CVEs
CWE-285Improper Authorization2 CVEs
CWE-99Improper Control of Resource Identifiers ('Resource Injection')1 CVE
CWE-294Authentication Bypass by Capture-replay1 CVE
CWE-639Authorization Bypass Through User-Controlled Key1 CVE

Disclosure activity by year

How many xxyopen novel-plus CVEs were published each year.

2022

7

2023

13

2024

15

2025

15

Other xxyopen products

Browse vulnerabilities for other products by xxyopen.

novel3 CVEs novel-cloud1 CVEs

All xxyopen vulnerabilities

Frequently asked questions

Common questions about xxyopen novel-plus vulnerabilities.

How many CVEs does xxyopen novel-plus have?

xxyopen novel-plus has 50 published CVE records since 2022.

How many xxyopen novel-plus CVEs are in CISA KEV?

None of xxyopen novel-plus's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for xxyopen novel-plus vulnerabilities?

Yes — 29 of xxyopen novel-plus's CVEs have a known public exploit.

Which versions of xxyopen novel-plus are affected?

8 distinct xxyopen novel-plus versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in xxyopen novel-plus CVEs?

xxyopen novel-plus's CVEs most often map to these CWE weakness types: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-306 (Missing Authentication for Critical Function).

How many critical xxyopen novel-plus vulnerabilities are there?

xxyopen novel-plus has 12 critical and 4 high-severity CVEs.

What is the average severity of xxyopen novel-plus CVEs?

The average CVSS base score across xxyopen novel-plus's scored CVEs is 7.1.

References

All xxyopen vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track xxyopen novel-plus vulnerabilities

Monitor new xxyopen novel-plus vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References