PT-2026-49298

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

PT-2026-4524

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description A flaw exists in the access control mechanism of the selectDept function. This allows unauthorized access to sensitive department data. Recommendations Update to a newer version that contains a fix for this...

CVE-2025-70986

CVE-2025-70986 affects RuoYi v4.8.2, in the selectDept function where improper access control allows unauthorized users to arbitrarily read sensitive department data. The vulnerability is rated CVSS v3.1 base score 7.5 (HIGH), with NETWORK attack vector, LOW complexity, no privileges required, an...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70986

Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data...

CVE-2025-70985

Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope...

CVE-2021-28411

An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges...

CVE-2022-23868

RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file...

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

CVE-2025-46174

Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java...

CVE-2025-46175

Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...

EUVD-2021-15091

Malware in sbrugna...

EUVD-2022-28793

Malicious code in bioql PyPI...

EUVD-2025-10359

Malicious code in bioql PyPI...

EUVD-2024-52665

Malicious code in bioql PyPI...

EUVD-2022-39811

Malicious code in bioql PyPI...

EUVD-2025-31183

Malicious code in bioql PyPI...

CVE-2025-7906

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The...

CVE-2024-54762

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection...