Every CVE whose affected-product data names Youlai Youlai-boot, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-55469 — CVSS 9.8 (critical): Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
CVE-2025-55471 — CVSS 7.5 (high): Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other…
CVE-2025-66735 — CVSS 7.5 (high): youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform…
CVE-2025-66736 — CVSS 7.1 (high): youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a…