dromara Summary
Latest vulnerabilities published by dromara
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Server-Side Request Forgery in Dromara MaxKey Affects Meta URL Handler
CVE-2025-6517DromaraMaxkeyπΎπ‘5.3MEDIUMCross Site Scripting Vulnerability in Dromara ujcms Affects Template Editing
CVE-2025-2491DromaraUjcmsπΎπ‘4.8MEDIUMCross Site Scripting Vulnerability in Dromara ujcms 9.7.5
CVE-2025-2490DromaraUjcmsπΎπ‘4.8MEDIUMStored XSS Vulnerability in UJCMS SVG File Handling
CVE-2024-55451DromaraUjcmsURL Redirection Vulnerability in UJCMS 9.6.3 Exposes Users to Phishing Attacks
CVE-2024-55452DromaraUjcmsVulnerability in Dromara Open-Capacity-Platform 2.0.1 Allows for Information Disclosure
CVE-2024-3928DromaraOpen-capacity-platformπΎπ‘4.3MEDIUMHertzbeat Fixes YAML Deserialization Vulnerability in Version 1.4.1
CVE-2023-51389DromaraHertzbeat9.8CRITICALHertzbeat Monitoring System Vulnerability Fix
CVE-2023-51388DromaraHertzbeat9.8CRITICALJNDI Injection Vulnerability in Hertzbeat's `JmxCollectImpl.java` Could Lead to Remote Code Execution
CVE-2023-51653DromaraHertzbeat9.8CRITICALDenial of Service Vulnerability in hutool-core by Dromara
CVE-2023-51075DromaraHutool7.5HIGHExpression Injection Vulnerability in Hertzbeat
CVE-2023-51387dromarahertzbeat8.8HIGHUnauthorized access vulnerability on three interfaces
CVE-2023-51650DromaraHertzbeat7.5HIGHPermission bypass due to incorrect configuration in github.com/dromara/hertzbeat
CVE-2022-39337DromaraHertzbeat7.5HIGHHardcoded Key Vulnerability in Dromara Sureness Authentication Framework
CVE-2023-31581DromaraSureness9.8CRITICALAuthentication Bypass in Dromara SaToken by Spring Dynamic Controllers
CVE-2023-43961DromaraSa-token8.8HIGHRemote Code Execution Vulnerability in Dromara SaToken
CVE-2023-44794DromaraSa-token9.8CRITICALDromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference
CVE-2023-3276DromaraHutool5.5MEDIUMDromara J2eeFAST Announcement cross site scripting
CVE-2023-2476DromaraJ2eeFAST5.4MEDIUMDromara J2eeFAST System Message cross site scripting
CVE-2023-2475DromaraJ2eefastπΎπ‘3.5LOWDromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption
CVE-2022-4565DromaraHutool4.3MEDIUM
23 June 2025
18 March 2025
16 December 2024
18 April 2024
22 February 2024
27 December 2023
22 December 2023
25 October 2023
15 June 2023
2 May 2023
16 December 2022
No more vulnerabilities to load.