Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-66735 | 1 Youlai | 1 Youlai-boot | 2026-01-06 | N/A | 7.5 HIGH |
| youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles. | |||||
| CVE-2025-66736 | 1 Youlai | 1 Youlai-boot | 2026-01-06 | N/A | 7.1 HIGH |
| youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability. | |||||
| CVE-2025-55469 | 1 Youlai | 1 Youlai-boot | 2025-12-05 | N/A | 9.8 CRITICAL |
| Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. | |||||
| CVE-2025-55471 | 1 Youlai | 1 Youlai-boot | 2025-12-05 | N/A | 7.5 HIGH |
| Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users. | |||||
