CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

Ruoyi 安全漏洞

Ruoyi is a backend management system by Ruoyi Personal Developer. A security vulnerability exists in Ruoyi v4.8.0, which stems from a missing permission check in the resetPwd method of SysUserController.java...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers in RuoYi, China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from the use of default credentials by the Druid component...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi China. A security vulnerability exists in RuoYi v.4.8.0, which stems from an elevation of privilege in the editSave method of SysNoticeController...

RuoYi 安全漏洞

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the add method not properly verifying the requested user's permissions, which may result in the addition of a menu item...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which can be exploited by a remote attacker to elevate privileges via the jobLogId parameter...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the editSave method not properly verifying the requested user privileges, which may result in modification of the system configuration...

RuoYi 安全漏洞

RuoYi is a backend management system by the individual developer RuoYi in China. A security vulnerability exists in RuoYi, which stems from some unknown functions in its JSON Handler component that allow an attacker to implement cross-site scripting. The attack method has been made public and can...