VYPR
Vendor

Jeecg

Products
5
CVEs
73
Across products
73
Status
Private

Products

5

Recent CVEs

73
View all 73 CVEs →
  • CVE-2024-43028CriApr 1, 2026
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.

  • CVE-2024-40489CriApr 1, 2026
    risk 0.64cvss 9.8epss 0.01

    There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

  • CVE-2024-50640CriAug 20, 2025
    risk 0.64cvss 9.8epss 0.00

    jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function

  • CVE-2026-10240MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit…

  • CVE-2026-10239MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly…

  • CVE-2026-3672MedMar 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public…

  • CVE-2026-2945MedFeb 22, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely.…

  • CVE-2026-2822MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection.…

  • CVE-2026-1746MedFeb 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed…

  • CVE-2025-10771MedSep 21, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to…

  • CVE-2025-10770MedSep 21, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is…

  • CVE-2025-10707MedSep 19, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the…

  • CVE-2025-10318MedSep 12, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The…

  • CVE-2026-9580HigMay 26, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-5616HigApr 6, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such…

  • CVE-2026-10241MedJun 1, 2026
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side…

  • CVE-2026-9581MedMay 26, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used.…

  • CVE-2026-9579MedMay 26, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched…

  • CVE-2026-8114MedMay 7, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated…

  • CVE-2026-7605MedMay 2, 2026
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the…