haoxr

4 exploits
Active since Nov 2025
CVE-2025-66736 GITEE HIGH java
youlai-boot V2.21.1 - Auth Bypass
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability.
1,080 stars
CVSS 7.1
CVE-2025-66735 GITEE HIGH java
youlai-boot 2.21.1 - Privilege Escalation
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.
1,080 stars
CVSS 7.5
CVE-2025-55471 GITEE HIGH java
youlai-boot <2.21.1 - Info Disclosure
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
1,080 stars
CVSS 7.5
CVE-2025-55469 GITEE CRITICAL java
youlai-boot <2.21.1 - Privilege Escalation
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
1,080 stars
CVSS 9.8