25 matches found
EUVD-2026-26805
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
CVE-2026-7672 youlaitech youlai-boot Users Endpoint UserController.java getUserList sql injection
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.java of the component Users Endpoint. Such manipulation of the argument order leads to sql injection...
PT-2026-36642
Name of the Vulnerable Software and Affected Versions: youlaitech youlai-boot versions prior to 2.21.2 Description: A SQL injection issue exists in the Users Endpoint. The flaw is located in the getUserList function within the src/main/java/com/youlai/boot/system/controller/UserController.java file...
youlai-boot injection vulnerability
Youlai-Boot is a permission management system open-sourced by Youlaiorg in China. Versions of Youlai-Boot 2.21.1 and earlier had an injection vulnerability. This vulnerability originated from the function getUserList in the Users Endpoint component’s file...
CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
youlai-boot security vulnerability
youlai-boot is a permission management system open-sourced by China youlaiorg. A security vulnerability exists in version V2.21.1 of youlai-boot. The vulnerability stems from the importUsers function in SysUserController.java not checking the current user's identity for permissions, which could le...
CVE-2025-66735
CVE-2025-66735 affects youlai-boot v2.21.1, with an Incorrect Access Control in SysRoleController.getRoleForm. The cited sources (NVD/RedHat/EUVD/CVE listing) state the function does not perform permission checks, potentially allowing non-root users to access root roles. Impact is described as hi...
EUVD-2025-199739
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend...
CVE-2025-55469
CVE-2025-55469 affects youlai-boot v2.21.1. The underlying issue is an incorrect access-control mechanism that allows unauthenticated attackers (CVSS: 9.8, CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U) to escalate privileges and access the Administrator backend. Multiple sources (Red Hat, EUVD/ENISA, NVD, C...
youlai-boot security vulnerability
youlai-boot is a privilege management system open-sourced by China youlaiorg. A security vulnerability exists in youlai-boot version v2.21.1, which stems from improper access control and may result in elevation of privilege...
EUVD-2023-28013
Malicious code in bioql PyPI...
EUVD-2024-52188
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: RHOAI 2.21.1 - Red Hat OpenShift AI
Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.21.1 provides these changes:...
CVE-2023-23948
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in FileContentProvider.kt. This issue can lead to information disclosure. Two databases, filelist and ownclouddatabase, are...
CVE-2024-53919
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root...
PT-2024-35974 · Barco · Barco Clickshare Core +5
Name of the Vulnerable Software and Affected Versions: Barco ClickShare CX-30/20, C-5/10, ClickShare Bar Pro, and Core models versions prior to 2.21.1 Description: An injection vulnerability allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution a...
ownCloud SQL injection vulnerability
ownCloud is a set of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in ownCloud Android version 2.21.1. An attacker exploited the vulnerability to disclose sensitive information...
MantisBT < 2.21.2 XSS Vulnerability - Linux
MantisBT is prone to a cross-site scripting vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...