21 matches found
EUVD-2025-199729
RuoYi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java...
EUVD-2025-10355
Malicious code in bioql PyPI...
EUVD-2024-53590
Malicious code in bioql PyPI...
EUVD-2025-10354
Malicious code in bioql PyPI...
CVE-2025-28407
CVE-2025-28407 affects RuoYi v4.8.0. A remote attacker can escalate privileges through the /edit/{dictId} endpoint due to insufficient permission validation on dictId modification. The CVE indicates high impact (CVSS 3.1: 8.8, Network/Low complexity, Privileges Required: Low, User Interaction: No...
GHSA-H5JH-RP76-Q242 RuoYi has insecure permissions
Insecure permissions in RuoYi v4.8.0 allow authenticated attackers to escalate privileges by assigning themselves higher-level roles...
CVE-2024-57439
An issue in the reset password interface of RuoYi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account...
CVE-2024-57436
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users by using a crafted cookie...
CVE-2024-57437
RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list...
CVE-2024-57439
An issue in the reset password interface of RuoYi v4.8.0 allows attackers with Admin privileges to cause a Denial of Service (DoS) by duplicating the login name of the account...
CVE-2024-57437
RuoYi (software) v4.8.0 contains a SQL injection vulnerability in the /monitor/online/list endpoint, exploitable via the orderby parameter. The CVE-2024-57437 entry lists a CVSS v3.1 base score of 6.5 (MEDIUM) with Network attack vector, low attack complexity, and privileges required. The impact ...
BIT-SEOPANEL-2021-39413
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) totime parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) socialmedia.php, and (j) reports.php; the (2) fromtime parameter...
fastify vulnerable to denial of service via malicious Content-Type
Impact: An attacker can send an invalid Content-Type header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected. This was updated: upon a close inspection, v3.x is not affected after all. Patches: Yes, update to v4.8.0. Workarounds...
GHSA-CRXJ-HRMP-4RWF Labstack Echo Open Redirect vulnerability
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF). Version 4.9.0 contains a patch for the issue...
CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF)...
CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF)...
CVE-2022-40083
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF)...
CVE-2022-40083
Labstack Echo v4.8.0 contains an open redirect vulnerability via the Static Handler component that can be exploited to cause Server-Side Request Forgery (SSRF). Affected software: Labstack Echo 4.8.0. Root cause: open redirect in Static Handler allows redirection to arbitrary URLs, enabling SSRF....
CVE-2021-39413
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) totime parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) socialmedia.php, and (j) reports.php; the (2) fromtime parameter...
CVE-2021-39413
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) totime parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) socialmedia.php, and (j) reports.php; the (2) fromtime parameter...