VYPR

Lamp Cloud

by Dromara

Source repositories

CVEs (3)

  • CVE-2026-9498MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used…

  • CVE-2026-5529MedApr 5, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely.…

  • CVE-2023-31579Nov 2, 2023
    risk 0.00cvss epss 0.01

    Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.