dromara Summary
Latest vulnerabilities published by dromara
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Improper Access Control in Dromara Northstar Web Interceptor
CVE-2025-7552DromaraNorthstar5.3MEDIUMPath Traversal Vulnerability in Dromara RuoYi-Vue-Plus Mail Handler
CVE-2025-6925DromaraRuoyi-vue-plusπΎπ‘6.9MEDIUMServer-Side Request Forgery in Dromara MaxKey Affects Meta URL Handler
CVE-2025-6517DromaraMaxkeyπΎπ‘5.3MEDIUMCross Site Scripting Vulnerability in Dromara ujcms Affects Template Editing
CVE-2025-2491DromaraUjcmsπΎπ‘4.8MEDIUMCross Site Scripting Vulnerability in Dromara ujcms 9.7.5
CVE-2025-2490DromaraUjcmsπΎπ‘4.8MEDIUMStored XSS Vulnerability in UJCMS SVG File Handling
CVE-2024-55451DromaraUjcmsURL Redirection Vulnerability in UJCMS 9.6.3 Exposes Users to Phishing Attacks
CVE-2024-55452DromaraUjcmsVulnerability in Dromara Open-Capacity-Platform 2.0.1 Allows for Information Disclosure
CVE-2024-3928DromaraOpen-capacity-platformπΎπ‘4.3MEDIUMHertzbeat Fixes YAML Deserialization Vulnerability in Version 1.4.1
CVE-2023-51389DromaraHertzbeat9.8CRITICALHertzbeat Monitoring System Vulnerability Fix
CVE-2023-51388DromaraHertzbeat9.8CRITICALJNDI Injection Vulnerability in Hertzbeat's `JmxCollectImpl.java` Could Lead to Remote Code Execution
CVE-2023-51653DromaraHertzbeat9.8CRITICALDenial of Service Vulnerability in hutool-core by Dromara
CVE-2023-51075DromaraHutool7.5HIGHExpression Injection Vulnerability in Hertzbeat
CVE-2023-51387dromarahertzbeat8.8HIGHUnauthorized access vulnerability on three interfaces
CVE-2023-51650DromaraHertzbeat7.5HIGHPermission bypass due to incorrect configuration in github.com/dromara/hertzbeat
CVE-2022-39337DromaraHertzbeat7.5HIGHHardcoded Key Vulnerability in Dromara Sureness Authentication Framework
CVE-2023-31581DromaraSureness9.8CRITICALAuthentication Bypass in Dromara SaToken by Spring Dynamic Controllers
CVE-2023-43961DromaraSa-token8.8HIGHRemote Code Execution Vulnerability in Dromara SaToken
CVE-2023-44794DromaraSa-token9.8CRITICALDromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference
CVE-2023-3276DromaraHutool5.5MEDIUMDromara J2eeFAST Announcement cross site scripting
CVE-2023-2476DromaraJ2eeFAST5.4MEDIUMDromara J2eeFAST System Message cross site scripting
CVE-2023-2475DromaraJ2eefastπΎπ‘3.5LOWDromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption
CVE-2022-4565DromaraHutool4.3MEDIUM
14 July 2025
30 June 2025
23 June 2025
18 March 2025
16 December 2024
18 April 2024
22 February 2024
27 December 2023
22 December 2023
25 October 2023
15 June 2023
2 May 2023
16 December 2022
No more vulnerabilities to load.