Vulnerabilities in dromara
27 results

CVE-2024-12483 | MEDIUM | Dromara UJCMS User ID id authorization | EPSS 3.4%
CVE-2023-51653 | CRITICAL | Hertzbeat JMX JNDI RCE | EPSS 2.1%
CVE-2023-51387 | HIGH | Expression Injection Vulnerability in Hertzbeat | EPSS 1.5%
CVE-2023-51388 | CRITICAL | HertzBeat AviatorScript Inject RCE | EPSS 1.3%
CVE-2023-51389 | CRITICAL | HertzBeat SnakeYAML Deser RCE | EPSS 1.3%
CVE-2022-39337 | HIGH | Permission bypass due to incorrect configuration in github.com/dromara/hertzbeat | EPSS 1.1%
CVE-2022-4565 | MEDIUM | Dromara HuTool cn.hutool.core.util.ZipUtil.java resource consumption | EPSS 0.9%
CVE-2023-51650 | HIGH | Unauthorized access vulnerability on three interfaces | EPSS 0.9%
CVE-2025-6925 | MEDIUM | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal | EPSS 0.9%
CVE-2026-2953 | MEDIUM | Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal | EPSS 0.8%
CVE-2023-3276 | MEDIUM | Dromara HuTool XML Parsing Module XmlUtil.java readBySax xml external entity reference | EPSS 0.7%
CVE-2024-3928 | MEDIUM | Dromara open-capacity-platform auth-server heapdump information disclosure | EPSS 0.5%
CVE-2023-2476 | LOW | Dromara J2eeFAST Announcement cross site scripting | EPSS 0.5%
CVE-2023-2475 | LOW | Dromara J2eeFAST System Message cross site scripting | EPSS 0.5%
CVE-2025-6517 | MEDIUM | Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery | EPSS 0.4%
CVE-2026-2954 | MEDIUM | Dromara UJCMS ImportDataController import-channel importChanel injection | EPSS 0.3%
CVE-2025-2491 | MEDIUM | Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting | EPSS 0.3%
CVE-2026-6125 | MEDIUM | Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection | EPSS 0.3%
CVE-2025-2490 | MEDIUM | Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting | EPSS 0.3%
CVE-2026-9498 | MEDIUM | Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine | EPSS 0.3%