Lucene search
K

6 matches found

OSV
OSV
added 2026/01/23 12:0 a.m.4 views

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

7.5CVSS5.9AI score0.00401EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/11/26 12:0 a.m.8 views

CVE-2025-46174

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java...

0.00266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.11 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

6.3AI score0.00266EPSS
Exploits0References3
OSV
OSV
added 2025/11/26 12:0 a.m.6 views

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

7.5CVSS6.7AI score0.00266EPSS
Exploits0References5
OSV
OSV
added 2025/04/07 12:0 a.m.10 views

CVE-2025-28403

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...

7.2CVSS7.1AI score0.00546EPSS
Exploits1References4
OSV
OSV
added 2025/01/29 12:0 a.m.7 views

CVE-2024-57439

An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service DoS by duplicating the login name of the account...

4.9CVSS6.8AI score0.00558EPSS
Exploits1References6
Rows per page
Query Builder