Filtered by vendor Jeecg
Subscriptions
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61188 | 1 Jeecg | 1 Jeecgboot | 2025-10-02 | 6.3 Medium |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | ||||
| CVE-2025-61189 | 1 Jeecg | 1 Jeecgboot | 2025-10-02 | 6.3 Medium |
| Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead of the /opt/upFiles directory specified by the web server. | ||||
| CVE-2025-51825 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-10-01 | 6.5 Medium |
| JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions. | ||||
| CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2025-09-29 | 9.8 Critical |
| An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. | ||||
| CVE-2025-10976 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-09-29 | 3.1 Low |
| A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10977 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-09-29 | 3.1 Low |
| A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10978 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-09-29 | 4.3 Medium |
| A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10980 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-09-29 | 4.3 Medium |
| A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10979 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-09-29 | 4.3 Medium |
| A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10981 | 2 Guojusoft, Jeecg | 2 Jeecgboot, Jeecgboot | 2025-09-29 | 4.3 Medium |
| A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10770 | 1 Jeecg | 1 Jimureport | 2025-09-22 | 6.3 Medium |
| A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-10771 | 1 Jeecg | 1 Jimureport | 2025-09-22 | 6.3 Medium |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10707 | 1 Jeecg | 1 Jeecgboot | 2025-09-22 | 6.3 Medium |
| A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10319 | 1 Jeecg | 1 Jeecgboot | 2025-09-15 | 4.3 Medium |
| A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10318 | 1 Jeecg | 1 Jeecgboot | 2025-09-15 | 6.3 Medium |
| A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8963 | 1 Jeecg | 1 Jimureport | 2025-08-16 | 6.3 Medium |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | ||||
| CVE-2023-4450 | 1 Jeecg | 1 Jimureport | 2025-07-02 | 6.3 Medium |
| A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571. | ||||
| CVE-2024-48307 | 1 Jeecg | 2 Jeecg Boot, Jeecgboot | 2025-06-27 | 9.8 Critical |
| JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData. | ||||
| CVE-2022-45210 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin. | ||||
| CVE-2022-45208 | 1 Jeecg | 1 Jeecg Boot | 2025-04-29 | 4.3 Medium |
| Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/putRecycleBin. | ||||