Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-9498

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:0 p.m.9 views

CVE-2026-9498

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/25 8:0 p.m.21 views

CVE-2026-9498

Technical details are not publicly available in the provided documents. Monitor for updates.

6.5CVSS6.2AI score0.00295EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/25 8:0 p.m.10 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/25 8:0 p.m.12 views

EUVD-2026-31733

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.15 views

PT-2026-43117

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS6.2AI score0.00295EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Dromara Lamp-Cloud 安全漏洞

Dromara Lamp-Cloud is dromara open source based on Jdk11 SpringCloud SpringBoot development of microservices in the backend rapid development platform . Dromara lamp-cloud 5.6.2 and earlier versions of a security vulnerability , the vulnerability stems from the Message Template Handler component ...

6.5CVSS6.6AI score0.00295EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/05 3:30 a.m.4 views

EUVD-2026-19007

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References6
NVD
NVD
added 2026/04/05 1:16 a.m.6 views

CVE-2026-5529

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS0.00273EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/05 12:15 a.m.28 views

CVE-2026-5529 Dromara lamp-cloud DefUserController pageUser improper authorization

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS0.00273EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/05 12:15 a.m.2 views

CVE-2026-5529

A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now...

5.3CVSS5.5AI score0.00273EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.6 views

Dromara Lamp-Cloud 授权问题漏洞

Dromara Lamp-Cloud is an open-source rapid development platform for microservices, built using Jdk11, SpringCloud, and SpringBoot. Versions of Dromara Lamp-Cloud 5.8.1 and earlier have a licensing issue vulnerability, which stems from improper authorization in the pageUser function...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-3064

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00681EPSS
Exploits0References4
OSV
OSV
added 2023/11/03 12:30 a.m.28 views

GHSA-XR8C-MQ5X-5F56 Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

7.5CVSS9.2AI score0.00681EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/11/03 12:30 a.m.43 views

Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8CVSS7.3AI score0.00681EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2023/11/02 10:15 p.m.17 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8CVSS7.2AI score
Exploits0References2
NVD
NVD
added 2023/11/02 10:15 p.m.27 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

9.8CVSS9.2AI score0.00681EPSS
Exploits0References2
Prion
Prion
added 2023/11/02 10:15 p.m.54 views

Hardcoded credentials

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

7.5CVSS9.2AI score0.00681EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/02 12:0 a.m.11 views

CVE-2023-31579

Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token...

6.9AI score0.00681EPSS
Exploits0References2
CVE
CVE
added 2023/11/02 12:0 a.m.75 views

CVE-2023-31579

The CVE-2023-31579 issue affects Dromara Lamp-Cloud prior to v3.8.1, where a hardcoded cryptographic key is used when creating and verifying JSON Web Tokens. This root cause enables attackers to authenticate to the application via specially crafted JWT tokens, as documented across multiple source...

9.8CVSS9.2AI score0.00681EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder