Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:jeecgboot:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Jeecgboot (d01e88ef-afad-5183-a1c4-59b2db7df7b3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-8196 |
vulnerable | 2026-06-08 08:08:58.191613 |
JeecgBoot mLogin Endpoint LoginController.java authorization
LOW (3.7)
A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-09T20:15:11.944Z
Updated: 2026-05-11T16:01:32.052Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-8195 |
vulnerable | 2026-06-08 08:08:58.191207 |
JeecgBoot SVG File CommonController.java cross site scripting
MEDIUM (4.3)
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-09T20:00:11.428Z
Updated: 2026-05-11T14:55:31.628Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-8114 |
vulnerable | 2026-06-08 08:08:58.115966 |
JeecgBoot JSON Object loadTreeData sql injection
MEDIUM (6.3)
A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms (translated from Chinese): "It should have been fixed; a batch of issues were recently resolved."
Published: 2026-05-07T22:00:11.288Z
Updated: 2026-05-08T14:13:17.322Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7605 |
vulnerable | 2026-06-08 08:08:57.457374 |
JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery
MEDIUM (6.3)
A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component uploadImgByHttpEndpoint. Performing a manipulation results in server-side request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. Upgrading the affected component is recommended. The vendor confirmed the issue and will provide a fix in the upcoming release.
Published: 2026-05-02T06:15:12.060Z
Updated: 2026-05-04T17:51:57.020Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7604 |
vulnerable | 2026-06-08 08:08:57.456956 |
JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery
MEDIUM (6.3)
A vulnerability was identified in JeecgBoot up to 3.9.1. This affects the function OpenApiController.add/OpenApiController.call of the file OpenApiController.java of the component OpenApi Service. Such manipulation of the argument originUrl database leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. It is suggested to upgrade the affected component. The vendor confirmed the issue and will provide a fix in the upcoming release.
Published: 2026-05-02T04:45:12.477Z
Updated: 2026-05-04T13:34:29.636Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7603 |
vulnerable | 2026-06-08 08:08:57.456533 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7602 |
vulnerable | 2026-06-08 08:08:57.456121 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-7290 |
vulnerable | 2026-06-08 08:08:56.804361 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5999 |
vulnerable | 2026-06-08 08:07:04.356353 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-5616 |
vulnerable | 2026-06-08 08:07:03.913831 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-3672 |
vulnerable | 2026-06-08 08:01:19.154196 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2945 |
vulnerable | 2026-06-08 07:55:17.865607 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2822 |
vulnerable | 2026-06-08 07:55:17.571719 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2555 |
vulnerable | 2026-06-08 07:55:17.212698 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-2111 |
vulnerable | 2026-06-08 07:55:16.557035 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-1746 |
vulnerable | 2026-06-08 07:49:09.525045 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-4533 |
vulnerable | 2026-06-08 07:29:16.397038 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15126 |
vulnerable | 2026-06-08 07:06:35.738547 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15125 |
vulnerable | 2026-06-08 07:06:35.737930 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15124 |
vulnerable | 2026-06-08 07:06:35.737356 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15123 |
vulnerable | 2026-06-08 07:06:35.734950 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15122 |
vulnerable | 2026-06-08 07:06:35.734626 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15121 |
vulnerable | 2026-06-08 07:06:35.734285 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15120 |
vulnerable | 2026-06-08 07:06:35.733911 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-15119 |
vulnerable | 2026-06-08 07:06:35.733390 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14909 |
vulnerable | 2026-06-08 07:06:35.344768 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-14908 |
vulnerable | 2026-06-08 07:06:35.343423 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10981 |
vulnerable | 2026-06-08 07:02:27.886728 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10980 |
vulnerable | 2026-06-08 07:02:27.886364 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10979 |
vulnerable | 2026-06-08 07:02:27.885864 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10978 |
vulnerable | 2026-06-08 07:02:27.885491 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10977 |
vulnerable | 2026-06-08 07:02:27.885013 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10976 |
vulnerable | 2026-06-08 07:02:27.884550 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10707 |
vulnerable | 2026-06-08 07:02:27.376518 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10319 |
vulnerable | 2026-06-08 07:02:26.701161 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-10318 |
vulnerable | 2026-06-08 07:02:26.699497 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.