Filtered by vendor Ruoyi
Filtered by product Ruoyi
Total: 31 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-52048 | 1 Ruoyi | 1 Ruoyi | 2025-04-28 | 4.7 Medium |
RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/. | ||||
CVE-2021-38241 | 1 Ruoyi | 1 Ruoyi | 2025-04-21 | 9.8 Critical |
Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | ||||
CVE-2022-4566 | 1 Ruoyi | 1 Ruoyi | 2025-04-15 | 5.5 Medium |
A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to SQL injection. The name of the patch is 167970e5c4da7bb46217f576dc50622b83f32b40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215975. | ||||
CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 8.8 High |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId. | ||||
CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter. | ||||
CVE-2025-28409 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 8.8 High |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId. | ||||
CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges. | ||||
CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave. | ||||
CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController. | ||||
CVE-2025-28400 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 6.7 Medium |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method. | ||||
CVE-2025-28401 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 6.7 Medium |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter. | ||||
CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter. | ||||
CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 7.2 High |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings. | ||||
CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method. | ||||
CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter. | ||||
CVE-2025-28413 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 9.8 Critical |
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component. | ||||
CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 5.4 Medium |
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | ||||
CVE-2022-48114 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 9.8 Critical |
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | ||||
CVE-2024-41599 | 1 Ruoyi | 1 Ruoyi | 2025-03-19 | 6.1 Medium |
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method. | ||||
CVE-2023-27025 | 1 Ruoyi | 1 Ruoyi | 2025-02-18 | 7.5 High |
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. |