lostvip CVE Vulnerabilities & Metrics

Focus on lostvip vulnerabilities and metrics.

Last updated: 15 Jul 2026, 22:25 UTC

About lostvip Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with lostvip. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total lostvip CVEs: 6
Earliest CVE date: 25 Aug 2025, 16:15 UTC
Latest CVE date: 10 Sep 2025, 22:15 UTC

Latest CVE reference: CVE-2025-10218

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 6

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical lostvip CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.08

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 6
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS lostvip CVEs

These are the five CVEs with the highest CVSS scores for lostvip, sorted by severity first and recency.

All CVEs for lostvip

CVE-2025-10218 lostvip vulnerability CVSS: 6.5 10 Sep 2025, 22:15 UTC

A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9413 lostvip vulnerability CVSS: 6.5 25 Aug 2025, 18:15 UTC

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9412 lostvip vulnerability CVSS: 6.5 25 Aug 2025, 18:15 UTC

A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9411 lostvip vulnerability CVSS: 6.5 25 Aug 2025, 17:15 UTC

A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument isAsc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9410 lostvip vulnerability CVSS: 6.5 25 Aug 2025, 17:15 UTC

A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9409 lostvip vulnerability CVSS: 4.0 25 Aug 2025, 16:15 UTC

A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.