Youlai Security Vulnerabilities (CVE)

Explore vulnerabilities and security advisories affecting Youlai products.

6 known CVE vulnerabilities tracked

Critical: 0
High: 2
Medium: 3
Low: 1
None: 0

All Youlai CVEs

CVE-2025-15087
4.3 medium

A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorization

Youlai-Mall Dec 25, 2025

CVE-2025-15086
4.3 medium

A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remot

Youlai-Mall Dec 25, 2025

CVE-2025-15085
4.3 medium

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization

Youlai-Mall Dec 25, 2025

CVE-2025-15084
3.1 low

A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads to impro

Youlai-Mall Dec 25, 2025

CVE-2025-66736
7.1 high

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerabilit

Youlai-Boot Dec 22, 2025

CVE-2025-66735
7.5 high

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The getRoleForm function in SysRoleController.java does not perform permission checks, which may allow non-root users to directly access root roles.

Youlai-Boot Dec 22, 2025