CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

CVE-2025-70986 affects RuoYi v4.8.2, in the selectDept function where improper access control allows unauthorized users to arbitrarily read sensitive department data. The vulnerability is rated CVSS v3.1 base score 7.5 (HIGH), with NETWORK attack vector, LOW complexity, no privileges required, an...

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

PT-2026-4524

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description A flaw exists in the access control mechanism of the selectDept function. This allows unauthorized access to sensitive department data. Recommendations Update to a newer version that contains a fix for this...

CVE-2021-28411

An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges...

CVE-2022-23868

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

CVE-2025-46174

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java...

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

EUVD-2021-15091

Malware in sbrugna...

EUVD-2024-52665

Malicious code in bioql PyPI...

EUVD-2025-31183

Malicious code in bioql PyPI...

EUVD-2022-28793

Malicious code in bioql PyPI...

EUVD-2022-39811

Malicious code in bioql PyPI...

EUVD-2025-10359

Malicious code in bioql PyPI...

CVE-2025-7906

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The...

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...

CVE-2024-57436

RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie...