CVE-2025-14856

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2025-14856 y_project RuoYi getnames code injection

A security vulnerability has been detected in yproject RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...

CVE-2025-14856

The CVE-2025-14856 entry concerns y_project RuoYi up to version 4.8.1. The vulnerability is due to manipulation of the fragment argument in the file /monitor/cache/getnames, which can lead to code injection. A remote attacker can exploit this, and public exploit information has been disclosed. Af...

PT-2025-21781 · Unknown · Y Project Ruoyi

Name of the Vulnerable Software and Affected Versions: y project RuoYi version 4.8.0 Description: A vulnerability has been found in y project RuoYi. It affects an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the ids argument...

PT-2025-4026 · Unknown · Y Project Ruoyi

Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.8.0 Description: A critical issue has been found in the Whitelist component, specifically affecting the getBeanName function. This issue leads to deserialization and can be initiated remotely. The exploit has...

PT-2024-37680 · Unknown · Y Project Ruoyi

Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.7.9 Description: A vulnerability was found in the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT TYPE leads to cross site scripting. The atta...