Ruoyi

Ruoyi

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-10384

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.09.2025 19:32:06
  • Zuletzt bearbeitet 10.10.2025 18:20:44

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can ...

5.4

CVE-2025-8847

Exploit
  • EPSS 0.03%
  • Veröffentlicht 11.08.2025 13:15:39
  • Zuletzt bearbeitet 11.09.2025 15:32:32

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack ca...

5.3

CVE-2025-7907

Exploit
  • EPSS 0.03%
  • Veröffentlicht 20.07.2025 20:32:05
  • Zuletzt bearbeitet 08.08.2025 16:22:26

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to us...

5.4

CVE-2025-7906

Exploit
  • EPSS 0.03%
  • Veröffentlicht 20.07.2025 19:32:05
  • Zuletzt bearbeitet 11.09.2025 15:32:06

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the a...

5.4

CVE-2025-7903

Exploit
  • EPSS 0.03%
  • Veröffentlicht 20.07.2025 16:32:05
  • Zuletzt bearbeitet 11.09.2025 15:31:05

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui la...

5.4

CVE-2025-7902

Exploit
  • EPSS 0.03%
  • Veröffentlicht 20.07.2025 16:15:24
  • Zuletzt bearbeitet 08.08.2025 16:19:51

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is ...

6.1

CVE-2025-7901

Exploit
  • EPSS 0.14%
  • Veröffentlicht 20.07.2025 15:32:04
  • Zuletzt bearbeitet 11.09.2025 15:28:17

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl lead...

3.1

CVE-2025-4819

Exploit
  • EPSS 0.09%
  • Veröffentlicht 17.05.2025 06:15:19
  • Zuletzt bearbeitet 10.10.2025 18:01:20

A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper au...

9.8

CVE-2025-28402

Exploit
  • EPSS 0.98%
  • Veröffentlicht 07.04.2025 00:00:00
  • Zuletzt bearbeitet 09.04.2025 17:17:02

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter

9.8

CVE-2025-28413

Exploit
  • EPSS 0.98%
  • Veröffentlicht 07.04.2025 00:00:00
  • Zuletzt bearbeitet 09.04.2025 14:58:14

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component