Heyewei Heyewei

  1. Vendors
  2. Heyewei

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Heyewei product.

RSS Feeds for Heyewei security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Heyewei products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Heyewei Sorted by Most Security Vulnerabilities since 2018

Heyewei Jfinalcms8 vulnerabilities

Heyewei Springbootcms1 vulnerability

By the Year

In 2026 there have been 1 vulnerability in Heyewei with an average score of 2.4 out of ten. Last year, in 2025 Heyewei had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Heyewei in 2026 could surpass last years number.

Year Vulnerabilities Average Score
2026 1 2.40
2025 1 0.00
2024 7 6.52

It may take a day or so for new Heyewei vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Heyewei Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-2200 Feb 09, 2026
JFinalCMS 5.0.0 /admin/admin/save XSS Remote API Vulnerability A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Jfinalcms
CVE-2024-57665 Jan 29, 2025
JFinalCMS 1.0 SQLi via RC Content.java title param JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause of the vulnerability is that the title parameter is controllable and is concatenated directly into filterSql without filtering.
Jfinalcms
CVE-2024-8782 Sep 13, 2024
JFinalCMS pre-1.0 Path Traversal in /admin/template/edit (CR) A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Jfinalcms
CVE-2024-8706 Sep 12, 2024
JFinalCMS Path Traversal via /admin/template/update remote exploit A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Jfinalcms
CVE-2024-8694 Sep 11, 2024
JFinalCMS path traversal via /admin/template/update fileName (CVE-2024-8694) A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Jfinalcms
CVE-2024-6539 Jul 07, 2024
heyewei SpringBootCMS Guestbook Handler XSS via Content A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function of the file /guestbook of the component Guestbook Handler. The manipulation of the argument Content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270450 is the identifier assigned to this vulnerability.
Springbootcms
CVE-2024-5379 May 26, 2024
Remote XSS in JFinalCMS /admin/template A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266291.
Jfinalcms
CVE-2024-5310 May 24, 2024
Remote XSS via Title param in JFinalCMS /admin/content A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266121 was assigned to this vulnerability.
Jfinalcms
CVE-2024-2568 Mar 17, 2024
JFinalCMS 5.0.0 SQLi via /admin/div_data/delete A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071.
Jfinalcms
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.