youlaitech
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7672 | Med | 0.41 | 6.3 | 0.00 | May 3, 2026 | A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads… | ||
| CVE-2025-66736 | 0.00 | — | 0.00 | Dec 22, 2025 | youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an… | |||
| CVE-2025-66735 | 0.00 | — | 0.00 | Dec 22, 2025 | youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles. | |||
| CVE-2025-55469 | 0.00 | — | 0.00 | Nov 26, 2025 | Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend. | |||
| CVE-2025-55471 | 0.00 | — | 0.00 | Nov 26, 2025 | Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users. |
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads…
- CVE-2025-66736Dec 22, 2025risk 0.00cvss —epss 0.00
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an…
- CVE-2025-66735Dec 22, 2025risk 0.00cvss —epss 0.00
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.
- CVE-2025-55469Nov 26, 2025risk 0.00cvss —epss 0.00
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
- CVE-2025-55471Nov 26, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.