Lucene search
K

5 matches found

NVD
NVD
added 2026/02/02 6:16 a.m.9 views

CVE-2026-1746

A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of the component Online Report API. Such manipulation of the argument keyword leads to sql injection. The attack can be executed remotely. The exploit is...

8.8CVSS0.00444EPSS
Exploits1References4
OSV
OSV
added 2025/12/28 7:15 a.m.5 views

CVE-2025-15125

A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is...

3.1CVSS6.5AI score
Exploits0References4
NVD
NVD
added 2025/09/25 11:15 p.m.8 views

CVE-2025-10979

A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be...

6.5CVSS0.00368EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.3 views

CVE-2025-51825

JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions...

7.5AI score0.00224EPSS
Exploits1References2
OSV
OSV
added 2025/02/07 10:15 p.m.3 views

CVE-2024-57606

SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component...

7.5CVSS7.7AI score
Exploits0References1
Rows per page
Query Builder