Lucene search
K

574 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 8:30 a.m.11 views

CVE-2026-10241

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/01 8:30 a.m.36 views

CVE-2026-10241

Summary of CVE-2026-10241 : In jeecgboot, the server-side component is affected via the function FileDownloadUtils.download2DiskFromNet in the file path /airag/app/debug within the Cloud Instance Metadata Endpoint . The issue enables a server-side request forgery (SSRF) condition that can be trig...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:15 a.m.11 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 8:15 a.m.9 views

CVE-2026-10240 JeecgBoot test server-side request forgery

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 8:15 a.m.42 views

CVE-2026-10240 JeecgBoot test server-side request forgery

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS0.0027EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 8:15 a.m.24 views

CVE-2026-10240

JeecgBoot up to 3.9.2 contains a server-side request forgery (SSRF) vulnerability in an unknown function of /airag/airagModel/test, triggered by manipulating the baseUrl argument. It is exploitable remotely and a public exploit exists. A fix is planned for the upcoming release.

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 8:15 a.m.25 views

EUVD-2026-33603

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 8:0 a.m.43 views

CVE-2026-10239 JeecgBoot edit WordUtil.addImage server-side request forgery

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS0.0027EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 8:0 a.m.11 views

CVE-2026-10239 JeecgBoot edit WordUtil.addImage server-side request forgery

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 8:0 a.m.10 views

EUVD-2026-33601

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/01 8:0 a.m.10 views

CVE-2026-10239

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 8:0 a.m.19 views

CVE-2026-10239

JeecgBoot up to 3.9.2 has a vulnerability in WordUtil.addImage in /airag/word/edit that can enable server-side request forgery (SSRF) via remote manipulation. Public exploit details exist and exploit maturity is reported as PROOF-OF-CONCEPT. The referenced CVSS data indicate network access with l...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45350

A security flaw has been discovered in jeecgboot The server processes these URLs up to 3.9.1. This affects the function FileDownloadUtils.download2DiskFromNet of the file /airag/app/debug of the component Cloud Instance Metadata Endpoint. The manipulation results in server-side request forgery. T...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45348

A vulnerability was determined in JeecgBoot up to 3.9.2. The affected element is the function WordUtil.addImage of the file /airag/word/edit. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45349

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier have code vulnerabilities related to the WordUtil.addImage function in the /airag/word/edit file. These vulnerabilities may lead to server-side...

6.5CVSS6.5AI score0.0027EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.2 and earlier have code vulnerabilities. These vulnerabilities stem from incorrect operations with the parameter baseUrl in the /airag/airagModel/test file, which...

6.5CVSS6.6AI score0.0027EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

JeecgBoot 代码问题漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain code vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the...

6.5CVSS6.6AI score0.0027EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/28 2:16 p.m.14 views

CVE-2026-9581

A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.10 views

CVE-2026-9579

A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
Rows per page
Query Builder