Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

yeqifu — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting yeqifu. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Yeqifu operates as a Chinese financial services platform providing online lending and payment solutions. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, contributing to its 17 recorded CVEs. Security researchers have identified authentication bypass weaknesses and insecure direct object references in its web applications, potentially exposing sensitive user financial data. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure development practices, particularly in input validation and access control mechanisms within its financial service ecosystem.

Top products by yeqifu: warehouse carRental
CVE IDTitleCVSSSeverityPublished
CVE-2026-2852 yeqifu warehouse Sales Endpoint SalesController.java deleteSales access control — warehouseCWE-284 6.3 Medium2026-02-20
CVE-2026-2851 yeqifu warehouse Inport Endpoint InportController.java deleteInport access control — warehouseCWE-284 6.3 Medium2026-02-20
CVE-2026-2850 yeqifu warehouse Customer Endpoint CustomerController.java deleteCustomer access control — warehouseCWE-284 6.3 Medium2026-02-20
CVE-2026-2849 yeqifu warehouse Cache Sync CacheController.java syncCache access control — warehouseCWE-284 5.4 Medium2026-02-20
CVE-2026-2107 yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2106 yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2105 yeqifu warehouse Department Management DeptController.java deleteDept improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2079 yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2078 yeqifu warehouse Permission Management PermissionController.java deletePermission improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2077 yeqifu warehouse Role Management RoleController.java deleteRole improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2076 yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization — warehouseCWE-285 6.3 Medium2026-02-07
CVE-2026-2075 yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control — warehouseCWE-284 6.3 Medium2026-02-07
CVE-2026-0574 yeqifu warehouse Request UserController.java saveUserRole improper authorization — warehouseCWE-285 6.3 Medium2026-01-04
CVE-2026-0571 yeqifu warehouse AppFileUtils.java createResponseEntity path traversal — warehouseCWE-22 4.3 Medium2026-01-02
CVE-2025-15432 yeqifu carRental com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path traversal — carRentalCWE-22 5.3 Medium2026-01-02
CVE-2025-9650 yeqifu carRental AppFileUtils.java removeFileByPath path traversal — carRentalCWE-22 5.4 Medium2025-08-29
CVE-2025-9310 yeqifu carRental Druid login.html hard-coded credentials — carRentalCWE-798 5.3 Medium2025-08-21

This page lists every published CVE security advisory associated with yeqifu. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.