Filtered by vendor Jeecg
Subscribe
Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15126 | 1 Jeecg | 1 Jeecg Boot | 2026-04-29 | 2.1 LOW | 3.1 LOW |
| A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10770 | 1 Jeecg | 1 Jimureport | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2025-10979 | 1 Jeecg | 1 Jeecg Boot | 2026-04-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1746 | 1 Jeecg | 1 Jeecg Boot | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-40489 | 1 Jeecg | 1 Jeecg Boot | 2026-04-06 | N/A | 9.8 CRITICAL |
| There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests. | |||||
| CVE-2024-43028 | 1 Jeecg | 1 Jeecg Boot | 2026-04-06 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request. | |||||
| CVE-2026-2555 | 1 Jeecg | 1 Jeecg Boot | 2026-02-18 | 4.6 MEDIUM | 5.0 MEDIUM |
| A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization. The attack can be launched remotely. Attacks of this nature are highly complex. It is stated that the exploitability is difficult. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-66913 | 1 Jeecg | 1 Jimureport | 2026-01-30 | N/A | 9.8 CRITICAL |
| JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770. | |||||
| CVE-2023-47467 | 1 Jeecg | 1 Jeecg Boot | 2026-01-02 | N/A | 6.5 MEDIUM |
| Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure. | |||||
| CVE-2023-1454 | 1 Jeecg | 1 Jeecg Boot | 2026-01-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299. | |||||
| CVE-2025-4533 | 1 Jeecg | 1 Jeecg Boot | 2025-12-31 | 3.3 LOW | 2.7 LOW |
| A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15121 | 1 Jeecg | 1 Jeecg Boot | 2025-12-30 | 2.2 LOW | 2.4 LOW |
| A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-8963 | 1 Jeecg | 1 Jimureport | 2025-10-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | |||||
| CVE-2025-61188 | 1 Jeecg | 1 Jeecg Boot | 2025-10-07 | N/A | 6.3 MEDIUM |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | |||||
| CVE-2025-61189 | 1 Jeecg | 1 Jeecg Boot | 2025-10-07 | N/A | 6.3 MEDIUM |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | |||||
| CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2025-09-29 | N/A | 9.8 CRITICAL |
| An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. | |||||
| CVE-2024-48307 | 1 Jeecg | 1 Jeecg Boot | 2025-06-27 | N/A | 9.8 CRITICAL |
| JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | |||||
| CVE-2022-45210 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 4.3 MEDIUM |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | |||||
| CVE-2022-45208 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 4.3 MEDIUM |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | |||||
| CVE-2022-45207 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | N/A | 9.8 CRITICAL |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component updateNullByEmptyString. | |||||