CVE-2024-27764 — CVSS 9.8 (critical): An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.
CVE-2024-27765 — CVSS 7.5 (high): Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the…
CVE-2024-57757 — CVSS 7.5 (high): JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava.
CVE-2026-3026 — CVSS 7.3 (high): A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file…
CVE-2024-57760 — CVSS 6.5 (medium): JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java.
CVE-2025-29213 — CVSS 5.5 (medium): A zip slip vulnerability in the component \service\migrate\MigrateForm.java of JEEWMS v3.7 allows attackers to execute arbitrary code via a…
CVE-2026-3027 — CVSS 4.3 (medium): A vulnerability was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getCo…