CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/17 12:0 a.m.•19 views

CVE-2026-36418

The CVE concerns JimuReport versions ≤ 2.3.4, where remote code execution is possible via the /jmreport/executeSelectApi endpoint due to inadequate validation of user input passed to the Aviator expression engine. This is caused by improper handling of Aviator expressions, allowing arbitrary code...

9.1CVSS6.8AI score0.00471EPSS

NVD•added 2026/06/07 9:16 a.m.•13 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS0.00329EPSS

Exploits0References5

CVE•added 2026/06/07 7:45 a.m.•25 views

CVE-2026-11457

CVE-2026-11457 affects erzhongxmu JeeWMS, specifically the JimuReport test-connection endpoint’s file /base-boot/jmreport/testConnection. The vulnerability arises from injectable parameters in dbType, dbDriver, dbUrl, dbUsername, and dbPassword, enabling injection via crafted input. Remote exploi...

7.5CVSS6.8AI score0.00329EPSS

Exploits0References5

Vulnrichment•added 2026/06/07 7:45 a.m.•6 views

CVE-2026-11457 erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

7.5CVSS6.8AI score0.00329EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:49 p.m.•8 views

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.3AI score0.00311EPSS

EUVD•added 2026/04/09 6:30 a.m.•3 views

EUVD-2026-20858

NVD•added 2026/04/09 6:16 a.m.•3 views

Exploits0References7

CVE-2026-5848

5.8CVSS0.00311EPSS

Vulnrichment•added 2026/04/09 5:15 a.m.•1 views

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

Cvelist•added 2026/04/09 5:15 a.m.•27 views

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

5.8CVSS0.00311EPSS

ATTACKERKB•added 2026/04/09 5:15 a.m.•2 views

CVE-2026-5848

Exploits0References6Affected Software1

CVE•added 2026/04/09 5:15 a.m.•11 views

CVE-2026-5848

CVE-2026-5848 affects jeecgboot JimuReport up to version 2.3.0. The vulnerability lies in the Data Source Handler’s testConnection path, specifically the function DriverManager.getConnection, where manipulating the argument dbUrl can lead to code injection. The issue can be exploited remotely and...

CNNVD•added 2026/04/09 12:0 a.m.•4 views

JimuReport 代码注入漏洞

JimuReport is a free reporting tool developed by JEECG in China. Versions of JimuReport 2.3.0 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter dbUrl in the DriverManager.getConnection function within the Data Source Handler...

5.8CVSS5.9AI score0.00311EPSS

Positive Technologies•added 2026/04/09 12:0 a.m.•5 views

PT-2026-31587

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the...

RedhatCVE•added 2026/01/09 9:25 a.m.•9 views

Exploits0References9

CVE-2023-4450

9.8CVSS7.3AI score0.11407EPSS