CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

Ruoyi security vulnerabilities

Ruoyi is a backend management system developed by Ruoyi’s individual developer. The Ruoyi v4.8.2 version has a security vulnerability, which stems from improper access control in the selectDept function. This vulnerability could allow unauthorized attackers to access sensitive departmental data a...

PT-2026-4524

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description A flaw exists in the access control mechanism of the selectDept function. This allows unauthorized access to sensitive department data. Recommendations Update to a newer version that contains a fix for this...

CVE-2025-70986

CVE-2025-70986 affects RuoYi v4.8.2, in the selectDept function where improper access control allows unauthorized users to arbitrarily read sensitive department data. The vulnerability is rated CVSS v3.1 base score 7.5 (HIGH), with NETWORK attack vector, LOW complexity, no privileges required, an...

📄 Grokability Snipe-IT 8.0.4 Insecure Direct Object Reference

Grokability Snipe-IT versions 8.0.4 and below suffer from an insecure direct object reference vulnerability. Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage:...

CVE-2022-2379

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...

The vulnerability of the module for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCMAN:PLM, arises from the possibility of unlimited loading of dangerous files. This vulnerability allows attackers to execute arbitrary code.

The vulnerability of the module responsible for creating and saving structured information about company departments in the “LOCZMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCZMAN:PLM, relates to the unlimited loading of...