36 matches found
CVE-2025-14856 y_project RuoYi getnames code injection
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...
EUVD-2025-204020
A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has been disclosed public...
EUVD-2023-2107
Malicious code in bioql PyPI...
CVE-2025-0734
A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public an...
CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization
A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...
CVE-2024-9048
CVE-2024-9048 affects y_project RuoYi (up to 4.7.9). The issue resides in SysUserServiceImpl.java (Backend User Import) where improper handling/manipulation of the loginName parameter enables cross-site scripting. The vulnerability is exploitable remotely; attack complexity is described as high, ...
CVE-2024-9048 y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting
A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The...
CVE-2024-6511
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched...
CVE-2024-6511
CVE-2024-6511 affects y_project RuoYi up to 4.7.9. The isJsonRequest function in the Content-Type Handler is vulnerable to cross-site scripting via manipulation of HttpHeaders.CONTENT_TYPE. The vulnerability is exploitable remotely; public exploit is disclosed. Impact in the sources is described ...
CVE-2024-6511 y_project RuoYi Content-Type isJsonRequest cross site scripting
A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The attack can be launched...
CVE-2023-7133
A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0malert1p86o0 leads to cross site...
Cross site scripting
A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input falsen3f0malert1p86o0 leads to cross site...
CVE-2023-7133
CVE-2023-7133 affects y_project RuoYi 4.7.8. The vulnerability is a cross-site scripting flaw in the HTTP POST login handler, caused by manipulating the rememberMe parameter with input like falsen3f0mp86o0. Attacker can exploit remotely; the exploit has been disclosed. Root cause centers on impro...
GHSA-P4WW-J4PR-QW6Q RuoYi vulnerable to Cross-site Scripting
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...
CVE-2023-3815
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched...