Dromara

Ruoyi-vue-plus

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.3

CVE-2026-2819

  • EPSS 0.01%
  • Veröffentlicht 20.02.2026 02:16:55
  • Zuletzt bearbeitet 20.02.2026 13:49:47

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing autho...

9.4

CVE-2025-66916

Exploit
  • EPSS 0.08%
  • Veröffentlicht 08.01.2026 00:00:00
  • Zuletzt bearbeitet 30.01.2026 01:05:34

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitra...

9.1

CVE-2025-6925

Exploit
  • EPSS 0.27%
  • Veröffentlicht 30.06.2025 18:15:26
  • Zuletzt bearbeitet 16.09.2025 13:46:47

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Han...