VYPR

Youlai Mall

by Youlai

CVEs (9)

  • CVE-2026-3287MedFeb 27, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a…

  • CVE-2025-14086MedDec 5, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made…

  • CVE-2025-14085MedDec 5, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is…

  • CVE-2025-14052MedDec 5, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be…

  • CVE-2025-14051MedDec 4, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be…

  • CVE-2025-15087MedDec 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to…

  • CVE-2025-15086MedDec 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack…

  • CVE-2025-15085MedDec 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in…

  • CVE-2025-15084LowDec 25, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The…