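Browse 25+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.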
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-6125 | Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection | Dromara | warm-flow | Medium | 6.3 | 2026-04-12 09:30:22 | Deep Dive |
| CVE-2026-5529 | Dromara lamp-cloud DefUserController pageUser improper authorization | Dromara | lamp-cloud | Medium | 4.3 | 2026-04-05 00:15:13 | Deep Dive |
| CVE-2026-2954 | Dromara UJCMS ImportDataController import-channel importChanel injection | Dromara | UJCMS | Medium | 6.3 | 2026-02-22 15:02:17 | Deep Dive |
| CVE-2026-2953 | Dromara UJCMS Template WebFileTemplateController.delete deleteDirectory path traversal | Dromara | UJCMS | Medium | 5.4 | 2026-02-22 14:02:15 | Deep Dive |
| CVE-2026-2819 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization | Dromara | RuoYi-Vue-Plus | Medium | 6.3 | 2026-02-20 01:32:06 | Deep Dive |
| CVE-2025-15222 | Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization | Dromara | Sa-Token | Medium | 5.0 | 2025-12-30 05:32:06 | Deep Dive |
| CVE-2025-15117 | Dromara Sa-Token SaJdkSerializer.java ObjectInputStream.readObject deserialization | Dromara | Sa-Token | Low | 3.1 | 2025-12-28 02:32:06 | Deep Dive |
| CVE-2025-13268 | Dromara dataCompare JDBC URL DbconfigServiceImpl.java DbConfig injection | Dromara | dataCompare | Medium | 6.3 | 2025-11-17 07:02:08 | Deep Dive |
| CVE-2025-7552 | Dromara Northstar Path AuthorizationInterceptor.java preHandle access control | Dromara | Northstar | Medium | 6.3 | 2025-07-13 23:32:16 | Deep Dive |
| CVE-2025-6925 | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal | Dromara | RuoYi-Vue-Plus | Medium | 5.3 | 2025-06-30 18:02:06 | Deep Dive |
| CVE-2025-6517 | Dromara MaxKey Meta URL SAML20DetailsController.java add server-side request forgery | Dromara | MaxKey | Medium | 6.3 | 2025-06-23 18:00:16 | Deep Dive |
| CVE-2025-2491 | Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting | Dromara | ujcms | Low | 2.4 | 2025-03-18 14:31:04 | Deep Dive |
| CVE-2025-2490 | Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting | Dromara | ujcms | Low | 2.4 | 2025-03-18 14:00:07 | Deep Dive |
| CVE-2024-12483 | Dromara UJCMS User ID id authorization | Dromara | UJCMS | Low | 3.7 | 2024-12-11 20:00:15 | Deep Dive |
| CVE-2024-3928 | Dromara open-capacity-platform auth-server heapdump information disclosure | Dromara | open-capacity-platform | Medium | 4.3 | 2024-04-17 23:31:05 | Deep Dive |
| CVE-2023-51389 | HertzBeat SnakeYAML Deser RCE | dromara | hertzbeat | Critical | 9.8 | 2024-02-22 15:59:30 | Deep Dive |
| CVE-2023-51388 | HertzBeat AviatorScript Inject RCE | dromara | hertzbeat | Critical | 9.8 | 2024-02-22 15:53:46 | Deep Dive |
| CVE-2023-51653 | Hertzbeat JMX JNDI RCE | dromara | hertzbeat | Critical | 9.8 | 2024-02-22 15:39:49 | Deep Dive |
| CVE-2023-51650 | Unauthorized access vulnerability on three interfaces | dromara | hertzbeat | High | 7.5 | 2023-12-22 20:56:37 | Deep Dive |
| CVE-2023-51387 | Expression Injection Vulnerability in Hertzbeat | dromara | hertzbeat | High | 7.2 | 2023-12-22 20:46:29 | Deep Dive |