Total: 4 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-66735 | 1 Youlai | 1 Youlai-boot | 2026-01-06 | N/A | 7.5 HIGH | youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles. |
| CVE-2025-66736 | 1 Youlai | 1 Youlai-boot | 2026-01-06 | N/A | 7.1 HIGH | youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability. |
| CVE-2025-55469 | 1 Youlai | 1 Youlai-boot | 2025-12-05 | N/A | 9.8 CRITICAL | Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. |
| CVE-2025-55471 | 1 Youlai | 1 Youlai-boot | 2025-12-05 | N/A | 7.5 HIGH | Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users. |