739 matches found
CVE-2026-7710
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...
CVE-2026-9374
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2026-9374
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2026-9374
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2026-9374 yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2026-9374 yangzongzhuan RuoYi-Vue Common Upload Endpoint upload FileUploadUtils.upload unrestricted upload
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
CVE-2026-9374
The CVE applies to yangzongzhuan RuoYi-Vue (up to version 3.9.2). The vulnerable component is the Common Upload Endpoint, specifically the FileUploadUtils.upload function in /common/upload. The root cause is described as a manipulation that enables unrestricted file upload, allowing remote exploi...
EUVD-2026-31585
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
PT-2026-42935
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
RuoYi 代码问题漏洞
RuoYi is a backend management system developed by RuoYi, a personal developer in China. Versions of RuoYi 3.9.2 and earlier have code vulnerabilities. These vulnerabilities stem from improper handling of the FileUploadUtils.upload function in the Common Upload Endpoint component, which may lead t...
CVE-2026-7710
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...
yudao-cloud 授权问题漏洞
Yudao-Cloud is a backend management system developed by YunaiV’s individual developers. Versions of Yudao-Cloud 3.8.0 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from the operation of the parameter mock-token in the JwtAuthenticationTokenFilter.java...
CVE-2026-7710 YunaiV yudao-cloud Ruoyi-Vue-Pro JwtAuthenticationTokenFilter.java doFilterInternal improper authentication
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...
CVE-2026-7710
The CVE-2026-7710 issue affects YunaiV yudao-cloud up to version 3.8.0, specifically the JwtAuthenticationTokenFilter.doFilterInternal implementation in Ruoyi-Vue-Pro. A manipulation of the mock-token argument enables improper authentication, with remote exploitation possible. Exploit code is rep...
CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection
A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
EUVD-2026-14341
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
Ruoyi 代码注入漏洞
Ruoyi is a backend management system developed by the RuoYi developer. Versions of RuoYi 4.8.2 and earlier had a code injection vulnerability. This vulnerability stemmed from improper handling of the invokeTarget parameter in the Quartz Job Handler component located in the file /monitor/job/...
CVE-2026-4564
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...