Filtered by vendor Ruoyi
Subscribe
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42900 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 6.1 MEDIUM |
| Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. | |||||
| CVE-2024-6511 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270343. | |||||
| CVE-2024-29400 | 1 Ruoyi | 1 Ruoyi | 2025-05-14 | N/A | 7.5 HIGH |
| An issue was discovered in RuoYi v4.5.1, allows attackers to obtain sensitive information via the status parameter. | |||||
| CVE-2025-0734 | 1 Ruoyi | 1 Ruoyi | 2025-05-13 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-52048 | 1 Ruoyi | 1 Ruoyi | 2025-04-28 | N/A | 4.7 MEDIUM |
| RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/. | |||||
| CVE-2021-38241 | 1 Ruoyi | 1 Ruoyi | 2025-04-21 | N/A | 9.8 CRITICAL |
| Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | |||||
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
| CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter | |||||
| CVE-2025-28409 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 8.8 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId | |||||
| CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges | |||||
| CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | |||||
| CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | |||||
| CVE-2025-28400 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 6.7 MEDIUM |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method | |||||
| CVE-2025-28401 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 6.7 MEDIUM |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter | |||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | |||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 7.2 HIGH |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | |||||
| CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | |||||
| CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | |||||
| CVE-2025-28413 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 9.8 CRITICAL |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | |||||
| CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | N/A | 9.8 CRITICAL |
| RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | |||||