VYPR

Jeecgboot

by Jeecg

Source repositories

CVEs (59)

  • CVE-2026-7290MedApr 28, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword…

  • CVE-2026-5999MedApr 10, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be…

  • CVE-2025-14908MedDec 19, 2025
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant…

  • CVE-2026-2111MedFeb 7, 2026
    risk 0.28cvss 4.3epss 0.01

    A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path…

  • CVE-2025-10981MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was…

  • CVE-2025-10980MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and…

  • CVE-2025-10979MedSep 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the…

  • CVE-2025-10978MedSep 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has…

  • CVE-2025-10319MedSep 12, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The…

  • CVE-2026-9373LowMay 24, 2026
    risk 0.24cvss 3.7epss 0.00

    A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is…

  • CVE-2026-8196LowMay 9, 2026
    risk 0.24cvss 3.7epss 0.00

    A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization…

  • CVE-2026-9604MedMay 26, 2026
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now…

  • CVE-2026-8195MedMay 9, 2026
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results…

  • CVE-2025-14909MedDec 19, 2025
    risk 0.21cvss 4.3epss 0.00

    A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing…

  • CVE-2025-15126LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated…

  • CVE-2025-15125LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This…

  • CVE-2025-15124LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity…

  • CVE-2025-15123LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of…

  • CVE-2025-15122LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack…

  • CVE-2025-15120LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of…