26 matches found
PT-2026-42935
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...
EUVD-2026-14341
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
CVE-2026-4564 yangzongzhuan RuoYi Quartz Job job code injection
A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...
EUVD-2025-29102
Malicious code in bioql PyPI...
EUVD-2025-24145
Malicious code in bioql PyPI...
EUVD-2025-31183
Malicious code in bioql PyPI...
EUVD-2025-22029
Malicious code in bioql PyPI...
CVE-2025-10989
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
CVE-2025-10989
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
CVE-2025-10989
CVE-2025-10989 affects yangzongzhuan RuoYi up to 4.8.1. The issue resides in the file /system/role/authUser/selectAll where manipulating the argument userIds leads to improper authorization. This can be exploited remotely, and the exploit has been publicly released. Multiple trusted sources consi...
CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...
PT-2025-39468
Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A security flaw exists in yangzongzhuan RuoYi. The issue involves improper authorization due to manipulation of the userIds argument in the file '/system/role/authUser/selectAll'. This allow...
PT-2025-37740
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A security flaw has been discovered in yangzongzhuan RuoYi. This impacts the filterKeyword function of the file /com/ruoyi/common/utils/sql/SqlUtil.java within the Blacklist Handler...
CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...
CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization
A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...
CVE-2025-8847 yangzongzhuan RuoYi edit cross site scripting
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-8847
Vulnerability CVE-2025-8847 affects yangzongzhuan RuoYi up to version 4.8.1. The Edit function in /system/notice/edit is vulnerable: manipulating noticeTitle/noticeContent enables cross-site scripting. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation gu...
PT-2025-32543 · Yangzongzhuan · Ruoyi
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A cross-site scripting issue exists in the Edit function of the /system/notice/edit file. Manipulation of the noticeTitle and noticeContent arguments can lead to exploitation. The exploit...
CVE-2025-7902
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...