VYPR

Vendor CVEs

Jeecg

All CVEs

73 total · sorted by risk
  • CVE-2024-43028CriApr 1, 2026
    risk 0.64cvss 9.8epss 0.02

    A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request.

  • CVE-2024-40489CriApr 1, 2026
    risk 0.64cvss 9.8epss 0.01

    There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP requests.

  • CVE-2024-50640CriAug 20, 2025
    risk 0.64cvss 9.8epss 0.00

    jeewx-boot 1.3 has an authentication bypass vulnerability in the preHandle function

  • CVE-2026-10240MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit…

  • CVE-2026-10239MedJun 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly…

  • CVE-2026-3672MedMar 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public…

  • CVE-2026-2945MedFeb 22, 2026
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl can lead to server-side request forgery. The attack may be launched remotely.…

  • CVE-2026-2822MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such manipulation of the argument keyword leads to sql injection.…

  • CVE-2026-1746MedFeb 2, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed…

  • CVE-2025-10771MedSep 21, 2025
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to…

  • CVE-2025-10770MedSep 21, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is…

  • CVE-2025-10707MedSep 19, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the…

  • CVE-2025-10318MedSep 12, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The…

  • CVE-2026-9580HigMay 26, 2026
    risk 0.40cvss 7.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.1. The affected element is the function LoginController.selectDepart of the file /sys/selectDepart. This manipulation causes improper access controls. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-5616HigApr 6, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such…

  • CVE-2026-10241MedJun 1, 2026
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side…

  • CVE-2026-9581MedMay 26, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used.…

  • CVE-2026-9579MedMay 26, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched…

  • CVE-2026-8114MedMay 7, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated…

  • CVE-2026-7605MedMay 2, 2026
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the…

  • CVE-2026-7604MedMay 2, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request…

  • CVE-2026-7603MedMay 2, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is…

  • CVE-2026-7602MedMay 2, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerability is an unknown functionality of the file /sys/fillRule/edit of the component FillRuleUtil Component. The manipulation of the argument ruleClass results in improper authorization. The attack may be…

  • CVE-2026-7290MedApr 28, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword…

  • CVE-2026-5999MedApr 10, 2026
    risk 0.34cvss 6.3epss 0.00

    A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnouncementController. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be…

  • CVE-2025-14908MedDec 19, 2025
    risk 0.34cvss 6.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant…

  • CVE-2026-5848MedApr 9, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in…

  • CVE-2026-2111MedFeb 7, 2026
    risk 0.28cvss 4.3epss 0.01

    A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath can lead to path…

  • CVE-2025-12626MedNov 3, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in jeecgboot jeewx-boot up to 641ab52c3e1845fec39996d7794c33fb40dad1dd. This affects the function getImgUrl of the file WxActGoldeneggsPrizesController.java. Performing manipulation of the argument imgurl results in path traversal. Remote…

  • CVE-2025-10981MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was…

  • CVE-2025-10980MedSep 26, 2025
    risk 0.28cvss 4.3epss 0.00

    A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and…

  • CVE-2025-10979MedSep 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the…

  • CVE-2025-10978MedSep 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has…

  • CVE-2025-10319MedSep 12, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The…

  • CVE-2026-9373LowMay 24, 2026
    risk 0.24cvss 3.7epss 0.00

    A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is…

  • CVE-2026-8196LowMay 9, 2026
    risk 0.24cvss 3.7epss 0.00

    A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization…

  • CVE-2026-9604MedMay 26, 2026
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now…

  • CVE-2026-8195MedMay 9, 2026
    risk 0.21cvss 4.3epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results…

  • CVE-2025-14909MedDec 19, 2025
    risk 0.21cvss 4.3epss 0.00

    A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing…

  • CVE-2025-15126LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated…

  • CVE-2025-15125LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This…

  • CVE-2025-15124LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity…

  • CVE-2025-15123LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of…

  • CVE-2025-15122LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack…

  • CVE-2025-15120LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of…

  • CVE-2025-15119LowDec 28, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is…

  • CVE-2025-10977LowSep 25, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is…

  • CVE-2025-10976LowSep 25, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is…

  • CVE-2026-11502LowJun 8, 2026
    risk 0.13cvss 3.1epss 0.00

    A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login.…

  • CVE-2026-11464LowJun 7, 2026
    risk 0.13cvss 3.1epss 0.00

    A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt…

Page 1 of 2