ruoyi
Latest CVEs
The 15 most recently published vulnerabilities affecting ruoyi.
- CVE-2025-70986: Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. (score 7.5)
- CVE-2025-70985: Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope. (score 9.1)
- CVE-2024-57521: SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java. (score 10.0)
- CVE-2025-14856: y_project RuoYi getnames code injection (score 6.3)
- CVE-2025-67342: RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Addit... (score 4.6)
- CVE-2025-56396: An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user. (score 8.8)
- CVE-2025-46175: Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java. (score 7.5)
- CVE-2025-46174: Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java. (score 7.5)
- CVE-2025-10989: yangzongzhuan RuoYi selectAll improper authorization (score 6.3)
- CVE-2025-10473: yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection (score 6.3)
- CVE-2025-10384: yangzongzhuan RuoYi Role cancelAll improper authorization (score 5.4)
- CVE-2025-8847: yangzongzhuan RuoYi edit cross site scripting (score 3.5)
- CVE-2025-7907: yangzongzhuan RuoYi Druid application-druid.yml default credentials (score 4.3)
- CVE-2025-7906: yangzongzhuan RuoYi CommonController.java uploadFile unrestricted upload (score 6.3)
- CVE-2025-7903: yangzongzhuan RuoYi Image Source ui layer (score 4.3)