11 matches found
CVE-2026-7710
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...
CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication
A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...
PT-2026-36727
Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...
CVE-2026-5148 YunaiV yudao-cloud page sql injection
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-5148 YunaiV yudao-cloud page sql injection
A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-5147
CVE-2026-5147 affects YunaiV yudao-cloud (up to 2026.01). Affected component: part of the file path /admin-api/system/tenant/get-by-website where manipulating the Website argument yields an SQL injection. Exploitation can be performed remotely and publicly released exploit exists. Severity is ind...
EUVD-2025-28999
Malicious code in bioql PyPI...
CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...
CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...
CVE-2025-10275
CVE-2025-10275 concerns YunaiV yudao-cloud up to 2025.09. Affects an unknown part of the file /crm/business/transfer. Root cause: manipulation of the argument ids/newOwnerUserId can lead to improper authorization, exploitable via remote access. Descriptions across sources confirm the vulnerabilit...