Filtered by vendor Ruoyi
Subscribe
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
| CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | |||||
| CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | |||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.2 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | |||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | |||||
| CVE-2025-28401 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 6.7 MEDIUM |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter | |||||
| CVE-2025-28400 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 6.7 MEDIUM |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method | |||||
| CVE-2025-14856 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-10989 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-10473 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-10384 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0734 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-9048 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 2.6 LOW | 3.1 LOW |
| A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The patch is named 9b68013b2af87b9c809c4637299abd929bc73510. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-6511 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343. | |||||
| CVE-2024-57521 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 10.0 CRITICAL |
| SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. | |||||
| CVE-2024-57439 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 4.9 MEDIUM |
| An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account. | |||||
| CVE-2024-57438 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 5.4 MEDIUM |
| Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles. | |||||
| CVE-2024-57437 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 6.5 MEDIUM |
| RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list. | |||||
| CVE-2024-57436 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.2 HIGH |
| RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie. | |||||
| CVE-2024-54762 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 6.3 MEDIUM |
| Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection. | |||||