youlai
Web & CMS Pluginscommercial
Top products
Latest CVEs
The 14 most recently published vulnerabilities affecting youlai.
- CVE-2026-3287youlaitech youlai-mall App-side Product Pagination Endpoint SpuController.java listPagedSpuForApp sql injection6.3
- CVE-2025-15372youlaitech vue3-element-admin Notice index.vue cross site scripting2.4
- CVE-2025-15087youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization4.3
- CVE-2025-15086youlaitech youlai-mall MemberController.java getMemberByMobile access control4.3
- CVE-2025-15085youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization4.3
- CVE-2025-15084youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control3.1
- CVE-2025-66736youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow...7.1
- CVE-2025-66735youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly acce...7.5
- CVE-2025-14086youlaitech youlai-mall openid access control6.3
- CVE-2025-14085youlaitech youlai-mall orders improper control of dynamically-identified variables6.3
- CVE-2025-14052youlaitech youlai-mall members getMemberById access control6.3
- CVE-2025-14051youlaitech youlai-mall addresses deleteAddress improper control of dynamically-identified variables6.3
- CVE-2025-55471Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.7.5
- CVE-2025-55469Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.9.8