CVE-2026-4564

A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to launch the attack...

PT-2025-37394

Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A flaw exists in yangzongzhuan RuoYi up to version 4.8.1 related to improper authorization within the Role Handler component. The issue is associated with the /system/role/authUser/cancelA...

CVE-2025-8847

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which is caused by the cancelAuthUserAll method not properly validating the requested user's permissions...

Ruoyi 代码问题漏洞

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in versions of Ruoyi prior to 4.6.1, which stems from incorrect deserialization of its Shiro framework allowing an attacker to run arbitrary code via weak passwords...