Lucene search
K

11 matches found

NVD
NVD
added 2026/05/04 12:16 a.m.8 views

CVE-2026-7710

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote...

7.5CVSS0.00405EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 4:15 a.m.5 views

CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 4:15 a.m.43 views

CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS0.00414EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.12 views

PT-2026-36727

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/03/30 7:45 p.m.1 views

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS5.7AI score0.00253EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/30 7:45 p.m.24 views

CVE-2026-5148 YunaiV yudao-cloud page sql injection

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

5.8CVSS0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/03/30 6:45 p.m.13 views

CVE-2026-5147

CVE-2026-5147 affects YunaiV yudao-cloud (up to 2026.01). Affected component: part of the file path /admin-api/system/tenant/get-by-website where manipulating the Website argument yields an SQL injection. Exploitation can be performed remotely and publicly released exploit exists. Severity is ind...

7.5CVSS6.8AI score0.00326EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28999

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00296EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/26 12:2 a.m.13 views

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

6.5CVSS0.00296EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/26 12:2 a.m.2 views

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

6.5CVSS6.4AI score0.00296EPSS
Exploits0References4
CVE
CVE
added 2025/09/12 1:2 a.m.20 views

CVE-2025-10275

CVE-2025-10275 concerns YunaiV yudao-cloud up to 2025.09. Affects an unknown part of the file /crm/business/transfer. Root cause: manipulation of the argument ids/newOwnerUserId can lead to improper authorization, exploitable via remote access. Descriptions across sources confirm the vulnerabilit...

8.8CVSS6.2AI score0.00296EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder