VYPR
Vendor: Dromara

Products: 10
CVEs: 15
Across products: 15
Status: Private

Recent CVEs: 15
  • CVE-2026-9498 | Med | May 25, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used…

  • CVE-2026-2819 | Med | Feb 20, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be…

  • CVE-2025-13268 | Med | Nov 17, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to…

  • CVE-2025-7552 | Med | Jul 14, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler.…

  • CVE-2025-15222 | Med | Dec 30, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is…

  • CVE-2026-5529 | Med | Apr 5, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely.…

  • CVE-2024-3928 | Med | Apr 18, 2024
    risk 0.28 | cvss 4.3 | epss 0.01

    A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The…

  • CVE-2025-15117 | Low | Dec 28, 2025
    risk 0.20 | cvss 3.1 | epss 0.00

    A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high…

  • CVE-2025-66916 | Jan 8, 2026
    risk 0.00 | cvss | epss 0.01

    In the snailjob component of RuoYi-Vue-Plus versions 5.5.1 and earlier, the interface /snail-job/workflow/check-node-expression can execute QLExpress expressions but does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.

  • CVE-2025-6925 | Jun 30, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the…

  • CVE-2023-31579 | Nov 2, 2023
    risk 0.00 | cvss | epss 0.01

    Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.

  • CVE-2023-3276 | Jun 15, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The…

  • CVE-2023-2476 | May 2, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument 系统工具/公告管理 leads to cross site scripting. It is possible to…

  • CVE-2023-2475 | May 2, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated…

  • CVE-2022-4565 | Dec 16, 2022
    risk 0.00 | cvss | epss 0.01

    A vulnerability classified as problematic was found in Dromara HuTool up to 5.8.10. This vulnerability affects unknown code of the file cn.hutool.core.util.ZipUtil.java. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been…