dromara Latest Vulnerabilities
Latest vulnerabilities published by dromara
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
Code Injection Vulnerability in Dromara Warm-Flow Product
CVE-2026-6125DromaraWarm-flow👾🟡5.3MEDIUMImproper Authorization in Dromara Lamp-Cloud Affects Remote User Management
CVE-2026-5529DromaraLamp-cloud👾🟡5.3MEDIUMRemote Code Injection Vulnerability in Dromara UJCMS Product
CVE-2026-2954DromaraUjcms👾🟡5.3MEDIUMPath Traversal Vulnerability in Dromara UJCMS 101.2
CVE-2026-2953DromaraUjcms👾🟡5.3MEDIUMAuthorization Bypass in Dromara RuoYi-Vue-Plus by Dromara
CVE-2026-2819DromaraRuoyi-vue-plus5.3MEDIUMArbitrary File Access in RuoYi-Vue-Plus Software by Dromara
CVE-2025-66916DromaraRuoYi-Vue-Plus9.4CRITICALDeserialization Vulnerability in Dromara Sa-Token by Dromara
CVE-2025-15222DromaraSa-token👾🟡2.3LOWDeserialization Vulnerability in Dromara Sa-Token by Dromara
CVE-2025-15117DromaraSa-token2.3LOWInjection Vulnerability in Dromara DataCompare JDBC URL Handler of Dromara
CVE-2025-13268DromaraDatacompare👾🟡5.3MEDIUMImproper Access Control in Dromara Northstar Web Interceptor
CVE-2025-7552DromaraNorthstar5.3MEDIUMPath Traversal Vulnerability in Dromara RuoYi-Vue-Plus Mail Handler
CVE-2025-6925DromaraRuoyi-vue-plus👾🟡6.9MEDIUMServer-Side Request Forgery in Dromara MaxKey Affects Meta URL Handler
CVE-2025-6517DromaraMaxkey👾🟡5.3MEDIUMCross Site Scripting Vulnerability in Dromara ujcms Affects Template Editing
CVE-2025-2491DromaraUjcms👾🟡4.8MEDIUMCross Site Scripting Vulnerability in Dromara ujcms 9.7.5
CVE-2025-2490DromaraUjcms👾🟡4.8MEDIUMStored XSS Vulnerability in UJCMS SVG File Handling
CVE-2024-55451DromaraUjcms4.8MEDIUMURL Redirection Vulnerability in UJCMS 9.6.3 Exposes Users to Phishing Attacks
CVE-2024-55452DromaraUjcms5.4MEDIUMVulnerability in Dromara Open-Capacity-Platform 2.0.1 Allows for Information Disclosure
CVE-2024-3928DromaraOpen-capacity-platform👾🟡4.3MEDIUMHertzbeat Fixes YAML Deserialization Vulnerability in Version 1.4.1
CVE-2023-51389DromaraHertzbeat9.8CRITICALHertzbeat Monitoring System Vulnerability Fix
CVE-2023-51388DromaraHertzbeat9.8CRITICALJNDI Injection Vulnerability in Hertzbeat's `JmxCollectImpl.java` Could Lead to Remote Code Execution
CVE-2023-51653DromaraHertzbeat9.8CRITICALDenial of Service Vulnerability in hutool-core by Dromara
CVE-2023-51075DromaraHutool7.5HIGHExpression Injection Vulnerability in Hertzbeat
CVE-2023-51387dromarahertzbeat8.8HIGHUnauthorized access vulnerability on three interfaces
CVE-2023-51650DromaraHertzbeat7.5HIGHPermission bypass due to incorrect configuration in github.com/dromara/hertzbeat
CVE-2022-39337DromaraHertzbeat7.5HIGHHardcoded Key Vulnerability in Dromara Sureness Authentication Framework
CVE-2023-31581DromaraSureness9.8CRITICAL