
25 matches found

NVD
added 5 days ago, 9 views

CVE-2026-58176

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1 CVSS, 0.00264 EPSS
Exploits: 0, References: 3
CVE
added 5 days ago, 8 views

CVE-2026-58176

CVE-2026-58176 affects RuoYi-Vue-Plus up to version 5.6.2. The FlwTaskController’s /workflow/task endpoints lacked any class- or method-level authorization, leaving task management actions (updateAssignee, urging tasks, and listing with pageByAllTaskWait/pageByAllTaskFinish) gated only by global ...

7.1 CVSS, 5.9 AI score, 0.00264 EPSS
Exploits: 0, References: 3
Positive Technologies
added 5 days ago, 6 views

PT-2026-53926

Name of the Vulnerable Software and Affected Versions RuoYi-Vue-Plus versions prior to 5.6.3 Description The software exposes workflow task management endpoints under '/workflow/task' FlwTaskController without proper permission checks. Because the controller lacks class-level or method-level...

7.1 CVSS, 6 AI score, 0.00264 EPSS
Exploits: 0, References: 7
RedhatCVE
added 2026/02/21 7:26 a.m., 5 views

CVE-2026-2819

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5 CVSS, 6.1 AI score, 0.00253 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/20 2:16 a.m., 8 views

CVE-2026-2819

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5 CVSS, 0.00253 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/02/20 1:32 a.m., 34 views

CVE-2026-2819 Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5 CVSS, 0.00253 EPSS
Exploits: 0, References: 3
CVE
added 2026/02/20 1:32 a.m., 24 views

CVE-2026-2819

The CVE concerns Dromara RuoYi-Vue-Plus (up to 5.5.3) with a flaw in the Workflow Module’s SaServletFilter handling the endpoint /workflow/instance/deleteByInstanceIds. The root cause is missing authorization, enabling a remote attacker to manipulate workflow instances. The description states the...

6.5 CVSS, 5.2 AI score, 0.00253 EPSS
Exploits: 0, References: 3
CNNVD
added 2026/02/20 12:0 a.m., 8 views

RuoYi-Vue-Plus security vulnerability

RuoYi-Vue-Plus is a development framework created by the dromara organization in China. Versions of RuoYi-Vue-Plus 5.5.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a lack of authorization checks in the SaServletFilter function of the Workflow Module component,...

6.5 CVSS, 6.6 AI score, 0.00253 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/02/20 12:0 a.m., 10 views

PT-2026-20990

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5 CVSS, 5.2 AI score, 0.00253 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/01/09 10:57 a.m., 7 views

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

9.4 CVSS, 7.1 AI score, 0.00628 EPSS
Exploits: 1, References: 1
OSV
added 2026/01/08 8:15 p.m., 8 views

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

9.4 CVSS, 6 AI score
Exploits: 0, References: 3
NVD
added 2026/01/08 8:15 p.m., 4 views

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

9.4 CVSS, 0.00628 EPSS
Exploits: 1, References: 3
Cvelist
added 2026/01/08 12:0 a.m., 20 views

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

0.00628 EPSS
Exploits: 1, References: 3
CNNVD
added 2026/01/08 12:0 a.m., 10 views

RuoYi-Vue-Plus security vulnerability

RuoYi-Vue-Plus is a development framework from the Chinese organization dromara. A security vulnerability exists in RuoYi-Vue-Plus 5.5.1 and earlier versions, which stems from unfiltered user input and could lead to arbitrary file reading and writing...

9.4 CVSS, 6.7 AI score, 0.00628 EPSS
Exploits: 1, References: 3
CVE
added 2026/01/08 12:0 a.m., 50 views

CVE-2025-66916

The CVE-2025-66916 entry references the snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier. The vulnerability occurs at the API endpoint /snail-job/workflow/check-node-expression, where QLExpress expressions are executed without input filtering, allowing an attacker to use the File c...

9.4 CVSS, 6.8 AI score, 0.00628 EPSS
Exploits: 1, References: 3, Affected Software: 1
Positive Technologies
added 2026/01/08 12:0 a.m., 3 views

PT-2026-1867

Name of the Vulnerable Software and Affected Versions RuoYi-Vue-Plus versions 5.5.1 and earlier Description The snailjob component in RuoYi-Vue-Plus does not filter user input when executing QLExpress expressions through the /snail-job/workflow/check-node-expression API endpoint. This allows...

9.4 CVSS, 6.7 AI score, 0.00628 EPSS
Exploits: 1, References: 8
Vulnrichment
added 2026/01/08 12:0 a.m., 2 views

CVE-2025-66916

The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing...

6.8 AI score, 0.00628 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-28776

Malicious code in bioql PyPI...

9.1 CVSS, 5.6 AI score, 0.00864 EPSS
Exploits: 1, References: 5
RedhatCVE
added 2025/07/02 6:20 p.m., 19 views

CVE-2025-6925

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

6.9 CVSS, 7 AI score, 0.00864 EPSS
Exploits: 1, References: 1
NVD
added 2025/06/30 6:15 p.m., 8 views

CVE-2025-6925

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

9.1 CVSS, 0.00864 EPSS
Exploits: 1, References: 5