dromara Latest Vulnerabilities
Latest vulnerabilities published by dromara
Vulnerability Published:
🗓️ Published
- Anytime
Sort By:
🗓️ Published Date
- Descending
Arbitrary File Access in RuoYi-Vue-Plus Software by Dromara
CVE-2025-66916DromaraRuoYi-Vue-Plus9.4CRITICALDeserialization Vulnerability in Dromara Sa-Token by Dromara
CVE-2025-15222DromaraSa-token👾🟡2.3LOWDeserialization Vulnerability in Dromara Sa-Token by Dromara
CVE-2025-15117DromaraSa-token2.3LOWInjection Vulnerability in Dromara DataCompare JDBC URL Handler of Dromara
CVE-2025-13268DromaraDatacompare👾🟡5.3MEDIUMImproper Access Control in Dromara Northstar Web Interceptor
CVE-2025-7552DromaraNorthstar5.3MEDIUMPath Traversal Vulnerability in Dromara RuoYi-Vue-Plus Mail Handler
CVE-2025-6925DromaraRuoyi-vue-plus👾🟡6.9MEDIUMServer-Side Request Forgery in Dromara MaxKey Affects Meta URL Handler
CVE-2025-6517DromaraMaxkey👾🟡5.3MEDIUMCross Site Scripting Vulnerability in Dromara ujcms Affects Template Editing
CVE-2025-2491DromaraUjcms👾🟡4.8MEDIUMCross Site Scripting Vulnerability in Dromara ujcms 9.7.5
CVE-2025-2490DromaraUjcms👾🟡4.8MEDIUMStored XSS Vulnerability in UJCMS SVG File Handling
CVE-2024-55451DromaraUjcmsURL Redirection Vulnerability in UJCMS 9.6.3 Exposes Users to Phishing Attacks
CVE-2024-55452DromaraUjcmsVulnerability in Dromara Open-Capacity-Platform 2.0.1 Allows for Information Disclosure
CVE-2024-3928DromaraOpen-capacity-platform👾🟡4.3MEDIUMHertzbeat Fixes YAML Deserialization Vulnerability in Version 1.4.1
CVE-2023-51389DromaraHertzbeat9.8CRITICALHertzbeat Monitoring System Vulnerability Fix
CVE-2023-51388DromaraHertzbeat9.8CRITICALJNDI Injection Vulnerability in Hertzbeat's `JmxCollectImpl.java` Could Lead to Remote Code Execution
CVE-2023-51653DromaraHertzbeat9.8CRITICALDenial of Service Vulnerability in hutool-core by Dromara
CVE-2023-51075DromaraHutool7.5HIGHExpression Injection Vulnerability in Hertzbeat
CVE-2023-51387dromarahertzbeat8.8HIGHUnauthorized access vulnerability on three interfaces
CVE-2023-51650DromaraHertzbeat7.5HIGHPermission bypass due to incorrect configuration in github.com/dromara/hertzbeat
CVE-2022-39337DromaraHertzbeat7.5HIGHHardcoded Key Vulnerability in Dromara Sureness Authentication Framework
CVE-2023-31581DromaraSureness9.8CRITICALAuthentication Bypass in Dromara SaToken by Spring Dynamic Controllers
CVE-2023-43961DromaraSa-token8.8HIGHRemote Code Execution Vulnerability in Dromara SaToken
CVE-2023-44794DromaraSa-token9.8CRITICALDromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference
CVE-2023-3276DromaraHutool5.5MEDIUMDromara J2eeFAST Announcement cross site scripting
CVE-2023-2476DromaraJ2eeFAST5.4MEDIUMDromara J2eeFAST System Message cross site scripting
CVE-2023-2475DromaraJ2eefast👾🟡3.5LOW