Filtered by vendor Youlai
Filtered by product Youlai-boot
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2025-66735 | 1 Youlai | 1 Youlai-boot | 2025-12-23 | 7.5 High | youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles. |
| CVE-2025-66736 | 1 Youlai | 1 Youlai-boot | 2025-12-23 | 7.1 High | youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability. |
| CVE-2025-55469 | 1 Youlai | 1 Youlai-boot | 2025-12-05 | 9.8 Critical | Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. |
| CVE-2025-55471 | 1 Youlai | 1 Youlai-boot | 2025-12-05 | 7.5 High | Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users. |