Lucene search
K

26 matches found

Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.18 views

PT-2026-42935

A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried out remotely. The...

6.5CVSS6.3AI score0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/23 12:31 a.m.7 views

EUVD-2026-14341

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

5.8CVSS5.5AI score0.00316EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/22 11:51 p.m.33 views

CVE-2026-4564 yangzongzhuan RuoYi Quartz Job job code injection

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

5.8CVSS0.00316EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29102

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2025-24145

Malicious code in bioql PyPI...

5.4CVSS4.8AI score0.00303EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31183

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00365EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-22029

Malicious code in bioql PyPI...

5.4CVSS4.9AI score0.0024EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/27 12:48 a.m.7 views

CVE-2025-10989

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

6.5CVSS6.7AI score0.00365EPSS
Exploits1References1
NVD
NVD
added 2025/09/26 1:15 a.m.10 views

CVE-2025-10989

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

8.8CVSS0.00365EPSS
Exploits1References4
CVE
CVE
added 2025/09/26 12:32 a.m.18 views

CVE-2025-10989

CVE-2025-10989 affects yangzongzhuan RuoYi up to 4.8.1. The issue resides in the file /system/role/authUser/selectAll where manipulating the argument userIds leads to improper authorization. This can be exploited remotely, and the exploit has been publicly released. Multiple trusted sources consi...

8.8CVSS6.5AI score0.00365EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/09/26 12:32 a.m.11 views

CVE-2025-10989 yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has bee...

6.5CVSS0.00365EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.14 views

PT-2025-39468

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A security flaw exists in yangzongzhuan RuoYi. The issue involves improper authorization due to manipulation of the userIds argument in the file '/system/role/authUser/selectAll'. This allow...

6.5CVSS6AI score0.00365EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.11 views

PT-2025-37740

Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A security flaw has been discovered in yangzongzhuan RuoYi. This impacts the filterKeyword function of the file /com/ruoyi/common/utils/sql/SqlUtil.java within the Blacklist Handler...

9.8CVSS6.3AI score0.00367EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/09/13 7:32 p.m.6 views

CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...

5.5CVSS0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/13 7:32 p.m.8 views

CVE-2025-10384 yangzongzhuan RuoYi Role cancelAll improper authorization

A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may ...

5.5CVSS5.2AI score0.00338EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/11 1:2 p.m.5 views

CVE-2025-8847 yangzongzhuan RuoYi edit cross site scripting

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been...

5.1CVSS6.4AI score0.00303EPSS
Exploits1References5
CVE
CVE
added 2025/08/11 1:2 p.m.29 views

CVE-2025-8847

Vulnerability CVE-2025-8847 affects yangzongzhuan RuoYi up to version 4.8.1. The Edit function in /system/notice/edit is vulnerable: manipulating noticeTitle/noticeContent enables cross-site scripting. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation gu...

5.4CVSS6.4AI score0.00303EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.9 views

PT-2025-32543 · Yangzongzhuan · Ruoyi

Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A cross-site scripting issue exists in the Edit function of the /system/notice/edit file. Manipulation of the noticeTitle and noticeContent arguments can lead to exploitation. The exploit...

5.1CVSS6.5AI score0.00303EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/07/22 5:4 p.m.14 views

CVE-2025-7902

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The...

5.4CVSS3.7AI score0.00262EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/20 4:32 p.m.4 views

CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

5.3CVSS4.7AI score0.0024EPSS
Exploits1References4
Rows per page
Query Builder