CVE-2026-36418

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute...

JeeWMS 安全漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. There is a security vulnerability in JeeWMS. This vulnerability stems from incorrect operations with parameters such as dbType/dbDriver/dbUrl/dbUsername/dbPassword in the JimuReport test-connection Endpoi...

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

CVE-2025-66913

Summary (CVE-2025-66913) JimuReport (through v2.1.3) is vulnerable to remote code execution when handling user-controlled H2 JDBC URLs: the application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing directives to execute arbitrary Java code. The issue is distinct from C...

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

CVE-2025-10770 jeecgboot JimuReport MySQL JDBC testConnection deserialization

A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit ha...

CVE-2025-10770

CVE-2025-10770 affects Jeecgboot JimuReport up to version 2.1.2, where deserialization occurs in the MySQL JDBC Handler via an attacker-controlled input in the file path /drag/onlDragDataSource/testConnection. This allows remote code execution; the exploit has been publicly disclosed. The Red Hat...

CVE-2025-8963

A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely...

CVE-2024-44893

An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request...