JeecgBoot — Vulnerabilities & Security Advisories 36

All 36 CVE vulnerabilities found in JeecgBoot, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-8196 | JeecgBoot mLogin Endpoint LoginController.java authorization CWE-639 | 3.7 | Low | 2026-05-09 |
| CVE-2026-8195 | JeecgBoot SVG File CommonController.java cross site scripting CWE-79 | 4.3 | Medium | 2026-05-09 |
| CVE-2026-8114 | JeecgBoot JSON Object loadTreeData sql injection CWE-89 | 6.3 | Medium | 2026-05-07 |
| CVE-2026-7605 | JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery CWE-918 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7604 | JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery CWE-918 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7603 | JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery CWE-918 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7602 | JeecgBoot FillRuleUtil edit improper authorization CWE-285 | 6.3 | Medium | 2026-05-02 |
| CVE-2026-7290 | JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection CWE-89 | 6.3 | Medium | 2026-04-28 |
| CVE-2026-5999 | JeecgBoot SysAnnouncementController improper authorization CWE-285 | 6.3 | Medium | 2026-04-10 |
| CVE-2026-5616 | JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication CWE-306 | 7.3 | High | 2026-04-06 |
| CVE-2026-3672 | JeecgBoot getDictItems isExistSqlInjectKeyword sql injection CWE-89 | 6.3 | Medium | 2026-03-07 |
| CVE-2026-2945 | JeecgBoot uploadImgByHttp server-side request forgery CWE-918 | 6.3 | Medium | 2026-02-22 |
| CVE-2026-2822 | JeecgBoot Backend airag_app,1,create_by sql injection CWE-89 | 6.3 | Medium | 2026-02-20 |
| CVE-2026-2555 | JeecgBoot Retrieval-Augmented Generation AiragKnowledgeController.java importDocumentFromZip deserialization CWE-502 | 5.0 | Medium | 2026-02-16 |
| CVE-2026-2111 | JeecgBoot Retrieval-Augmented Generation edit path traversal CWE-22 | 4.3 | Medium | 2026-02-07 |
| CVE-2026-1746 | JeecgBoot Online Report API loadDictItemByKeyword sql injection CWE-89 | 6.3 | Medium | 2026-02-02 |
| CVE-2025-15126 | JeecgBoot getPositionUserList improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15125 | JeecgBoot queryDepartPermission improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15124 | JeecgBoot list getParameterMap improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15123 | JeecgBoot datarule improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15122 | JeecgBoot datarule loadDatarule improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15121 | JeecgBoot getDeptRoleByUserId information disclosure CWE-200 | 2.4 | Low | 2025-12-28 |
| CVE-2025-15120 | JeecgBoot getDeptRoleList improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-15119 | JeecgBoot list queryPageList improper authorization CWE-285 | 3.1 | Low | 2025-12-28 |
| CVE-2025-14909 | JeecgBoot SysUserOnlineController.java SysUserOnlineController user session CWE-1018 | 4.3 | Medium | 2025-12-19 |
| CVE-2025-14908 | JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication CWE-287 | 6.3 | Medium | 2025-12-19 |
| CVE-2025-10981 | JeecgBoot exportXls improper authorization CWE-285 | 4.3 | Medium | 2025-09-26 |
| CVE-2025-10980 | JeecgBoot exportXls improper authorization CWE-285 | 4.3 | Medium | 2025-09-25 |
| CVE-2025-10979 | JeecgBoot exportXls improper authorization CWE-285 | 4.3 | Medium | 2025-09-25 |
| CVE-2025-10978 | JeecgBoot Filter exportXls improper authorization CWE-285 | 4.3 | Medium | 2025-09-25 |

All 36 known CVE vulnerabilities affecting JeecgBoot with full Chinese analysis, references, and POCs where available.