CVE-2025-66736
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...
youlai-boot security vulnerability
youlai-boot is an open-source permission management system from China's youlaiorg. A security vulnerability exists in version V2.21.1 of youlai-boot. The vulnerability stems from the importUsers function in SysUserController.java not checking the current user's identity for permissions, which could le...
PT-2025-52687
Name of the Vulnerable Software and Affected Versions: youlai-boot version 2.21.1. Description: The software contains an incorrect access control issue. The getRoleForm function in SysRoleController.java lacks proper permission checks. This may allow users without root privileges to access root role...
youlai-boot security vulnerability
youlai-boot is an open-source permission management system from China's youlaiorg. A security vulnerability exists in youlai-boot version V2.21.1: the getRoleForm function in SysRoleController.java does not perform permission checking, which may result in non-root users directly...
CVE-2025-66736
CVE-2025-66736 affects youlai-boot v2.21.1 and is due to an incorrect access control in the importUsers function of SysUserController.java, which does not perform a permission check on the current user. This may allow regular users to import user data into the database, resulting in an authorizat...
CVE-2025-66735
youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles...
CVE-2025-62004
BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not retroactively enforce the challenge or disconnect unauthenticated sessions. Versions 4.6.0.0,...
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and...
CVE-2025-47382
Memory corruption while loading an invalid firmware in boot loader...
CVE-2025-14908
A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module...
CVE-2025-14909 JeecgBoot SysUserOnlineController.java SysUserOnlineController user session
A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to mana...
PT-2025-52399
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions prior to 3.9.0. Description: A weakness exists in JeecgBoot that allows for the management of user sessions. The issue is located in the SysUserOnlineController function within the file...
SUSE SLES16: grub2 / grub2-arm64-efi / grub2-common / grub2-i386-pc / etc (SUSE-SU-2025:21212-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21212-1 advisory. Changes in grub2: - CVE-2025-54771: Fixed grub_file_close() not properly controlling the fs refcount (bsc#1252931) - CVE-2025-54770:...
CVE-2025-62004
BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...
CVE-2025-47382 Incorrect Authorization in Boot
Memory corruption while loading an invalid firmware in boot loader...
CVE-2025-47382
CVE-2025-47382 affects Qualcomm embedded platform firmware bootloader, where memory corruption occurs when loading invalid firmware. The root cause is an authorization mechanism deficiency within the boot process, leading to memory corruption. The CVE details indicate a local attack vector with l...
EUVD-2025-204024
Memory corruption while loading an invalid firmware in boot loader...