VYPR

youlai-boot

by youlaitech

CVEs (5)

  • CVE-2026-7672MedMay 3, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads…

  • CVE-2025-66735Dec 22, 2025
    risk 0.00cvss epss 0.00

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.

  • CVE-2025-66736Dec 22, 2025
    risk 0.00cvss epss 0.00

    youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an…

  • CVE-2025-55469Nov 26, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.

  • CVE-2025-55471Nov 26, 2025
    risk 0.00cvss epss 0.00

    Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.