Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

66 matches found

NVD
NVDadded 5 days ago11 views

CVE-2026-11457

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS0.00047EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 5 days ago3 views

CVE-2026-11457 erzhongxmu JeeWMS JimuReport test-connection Endpoint testConnection injection

A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the component JimuReport test-connection Endpoint. Performing a manipulation of the argument...

7.5CVSS6.8AI score0.00047EPSS
Exploits0References5
CVE
CVEadded 5 days ago18 views

CVE-2026-11457

CVE-2026-11457 affects erzhongxmu JeeWMS, specifically the JimuReport test-connection endpoint’s file /base-boot/jmreport/testConnection. The vulnerability arises from injectable parameters in dbType, dbDriver, dbUrl, dbUsername, and dbPassword, enabling injection via crafted input. Remote exploi...

7.5CVSS6.8AI score0.00047EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded last week5 views

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.3AI score0.00023EPSS
Exploits0References1
Nuclei
Nucleiadded 2026/06/04 3:48 a.m.203 views

JeecgBoot JimuReport - Template injection

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed t...

9.8CVSS6.3AI score0.91049EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/09 6:30 a.m.2 views

EUVD-2026-20858

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.6AI score0.00023EPSS
Exploits0References7
NVD
NVDadded 2026/04/09 6:16 a.m.2 views

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS0.00023EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/04/09 5:15 a.m.26 views

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS0.00023EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/04/09 5:15 a.m.0 views

CVE-2026-5848 jeecgboot JimuReport Data Source testConnection DriverManager.getConnection code injection

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.6AI score0.00023EPSS
Exploits0References6
CVE
CVEadded 2026/04/09 5:15 a.m.11 views

CVE-2026-5848

CVE-2026-5848 affects jeecgboot JimuReport up to version 2.3.0. The vulnerability lies in the Data Source Handler’s testConnection path, specifically the function DriverManager.getConnection, where manipulating the argument dbUrl can lead to code injection. The issue can be exploited remotely and...

5.8CVSS5.6AI score0.00023EPSS
Exploits0References6
ATTACKERKB
ATTACKERKBadded 2026/04/09 5:15 a.m.1 views

CVE-2026-5848

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The...

5.8CVSS5.6AI score0.00023EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/09 12:0 a.m.3 views

PT-2026-31587

Name of the Vulnerable Software and Affected Versions jeecgboot JimuReport versions up to 2.3.0 Description A code injection issue exists in the Data Source Handler component of jeecgboot JimuReport, specifically within the DriverManager.getConnection function located in the...

5.8CVSS5.6AI score0.00023EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/04/09 12:0 a.m.4 views

JimuReport 代码注入漏洞

JimuReport is a free reporting tool developed by JEECG in China. Versions of JimuReport 2.3.0 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter dbUrl in the DriverManager.getConnection function within the Data Source Handler...

5.8CVSS5.9AI score0.00023EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/01/09 9:25 a.m.8 views

CVE-2023-4450

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed t...

9.8CVSS7.3AI score0.91049EPSS
Exploits0References1
NVD
NVDadded 2026/01/08 8:15 p.m.4 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

9.8CVSS0.00624EPSS
Exploits1References2
OSV
OSVadded 2026/01/08 8:15 p.m.3 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

9.8CVSS6.6AI score
Exploits0References2
CNNVD
CNNVDadded 2026/01/08 12:0 a.m.1 views

JimuReport 安全漏洞

JimuReport is a free reporting tool open-sourced by JEECG in China. A security vulnerability exists in JimuReport 2.1.3 and prior versions, which stems from unauthenticated handling of user-controlled H2 JDBC URLs and could lead to remote code execution...

9.8CVSS7.2AI score0.00624EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/01/08 12:0 a.m.19 views

CVE-2025-66913

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than...

0.00624EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/01/08 12:0 a.m.2 views

PT-2026-1866

Name of the Vulnerable Software and Affected Versions JimuReport versions through 2.1.3 Description The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application directly passes the attacker-controlled JDBC URL to the H2 driver, enabling the use of...

9.8CVSS7.2AI score0.00624EPSS
Exploits1References8
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2025-30382

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0009EPSS
Exploits1References6
Rows per page
Query Builder