Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-9604

A vulnerability was detected in JeecgBoot up to 3.9.1. This vulnerability affects unknown code of the component AiragModelController. The manipulation of the argument list/queryById results in improper access controls. The attack can be executed remotely. The exploit is now public and may be used...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:13 p.m.12 views

CVE-2026-9373

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...

6.3CVSS5.1AI score0.00357EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/24 10:15 a.m.18 views

CVE-2026-9373

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...

6.3CVSS5.1AI score0.00357EPSS
Exploits0References4
NVD
NVD
added 2026/05/09 9:16 p.m.59 views

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS0.00463EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/09 8:15 p.m.8 views

CVE-2026-8196 JeecgBoot mLogin Endpoint LoginController.java authorization

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS5.2AI score0.00463EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/09 8:15 p.m.7 views

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

6.3CVSS5.2AI score0.00463EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.8 views

JeecgBoot 授权问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.1 of JeecgBoot contains an authorization vulnerability. This vulnerability stems from an unknown function in the mLogin Endpoint’s file...

6.3CVSS5.7AI score0.00463EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.5 views

PT-2026-36570

A vulnerability was determined in JeecgBoot up to 3.9.1. Affected by this issue is the function checkPathTraversalBatch of the file FileDownloadUtils.jav of the component LoadFile Endpoint. This manipulation of the argument files causes server-side request forgery. It is possible to initiate the...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/06 3:15 a.m.2 views

CVE-2026-5616

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

7.5CVSS6.6AI score0.00409EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.4 views

CVE-2026-2555

A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead to deserialization...

7.5CVSS5.1AI score0.0031EPSS
Exploits1References1
CVE
CVE
added 2026/02/16 12:2 p.m.20 views

CVE-2026-2555

CVE-2026-2555 affects JeecgBoot 3.9.1 in the Retrieval-Augmented Generation component, specifically the importDocumentFromZip function in AiragKnowledgeController.java. The issue is a deserialization vulnerability triggered by manipulating input, allowing a remote attacker to exploit the flaw. Th...

7.5CVSS5.1AI score0.0031EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder