10 matches found

Vulnrichment
added 2025/12/28 6:32 a.m. (2 views)

CVE-2025-15124 JeecgBoot list getParameterMap improper authorization

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...

CVSS: 3.1, AI score: 3.7, EPSS: 0.0027
Exploits: 1, References: 4
EUVD
added 2025/12/28 6:31 a.m. (2 views)

EUVD-2025-205495

A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is...

CVSS: 3.1, AI score: 6.2, EPSS: 0.0027
Exploits: 1, References: 5
CVE
added 2025/12/28 4:32 a.m. (13 views)

CVE-2025-15121

JeecgBoot up to 3.9.0 is affected by an information-disclosure vulnerability in getDeptRoleByUserId (/sys/sysDepartRole/getDeptRoleByUserId). Manipulating the departId parameter may disclose information. According to connected reports, vendor contact was made but no response; no patch details are...

CVSS: 4.9, AI score: 6.1, EPSS: 0.00429
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2025/12/28 12:0 a.m. (3 views)

JeecgBoot authorization issue vulnerability

JeecgBoot is a low-code development platform that fuses code generation and AI applications to help organizations rapidly achieve low-code development and build AI applications. JeecgBoot has an authorization issue vulnerability that originates from improper authorization of the parameter departI...

CVSS: 3.1, AI score: 5.8, EPSS: 0.0027
Exploits: 1, References: 5
Positive Technologies
added 2025/12/28 12:0 a.m. (4 views)

PT-2025-53636

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A flaw exists in JeecgBoot that allows information disclosure. The issue is related to the getDeptRoleByUserId function located in the /sys/sysDepartRole/getDeptRoleByUserId file. Manipulation of the...

CVSS: 4.9, AI score: 6, EPSS: 0.00429
Exploits: 1, References: 8
Positive Technologies
added 2025/12/28 12:0 a.m. (6 views)

PT-2025-53639

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.9.0 Description A security issue exists in JeecgBoot that allows for improper authorization. This is due to the manipulation of the departId argument within the getParameterMap function located in the...

CVSS: 3.1, AI score: 6.2, EPSS: 0.0027
Exploits: 1, References: 8
Positive Technologies
added 2025/12/28 12:0 a.m. (7 views)

PT-2025-53640

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.0 Description A security issue exists in JeecgBoot that allows for remote authorization bypass. This is due to improper authorization resulting from the manipulation of the departId argument within the...

CVSS: 3.1, AI score: 5.7, EPSS: 0.0027
Exploits: 1, References: 9
CVE
added 2025/09/25 10:2 p.m. (19 views)

CVE-2025-10976

CVE-2025-10976 affects JeecgBoot up to version 3.8.2, where improper authorization can be triggered by manipulating the departId parameter in the /api/getDepartUserList endpoint. The issue is exploitable remotely, with high attack complexity and a disclosed exploit. Public references consistently...

CVSS: 5.3, AI score: 4.3, EPSS: 0.00345
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/09/25 10:2 p.m. (11 views)

CVE-2025-10976 JeecgBoot getDepartUserList improper authorization

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high...

CVSS: 3.1, EPSS: 0.00345
Exploits: 1, References: 4
Positive Technologies
added 2025/09/25 12:0 a.m. (5 views)

PT-2025-39460

Name of the Vulnerable Software and Affected Versions JeecgBoot versions prior to 3.8.2 Description A flaw exists in JeecgBoot that involves improper authorization. This issue stems from manipulating the departId argument in the processing of the file '/api/getDepartUserList' API endpoint. The...

CVSS: 5.3, AI score: 3.9, EPSS: 0.00345
Exploits: 1, References: 9