Vulnerabilities > Ruoyi

DATE CVE VULNERABILITY TITLE RISK
2024-09-21 CVE-2024-9048 Cross-site Scripting vulnerability in Ruoyi
A vulnerability was found in y_project RuoYi up to 4.7.9.
network
low complexity
ruoyi CWE-79
6.1
2024-08-26 CVE-2024-42913 SQL Injection vulnerability in Ruoyi 4.7.9
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
network
low complexity
ruoyi CWE-89
critical
9.8
2024-07-19 CVE-2024-41599 Cross-site Scripting vulnerability in Ruoyi
Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method
network
low complexity
ruoyi CWE-79
6.1
2023-12-28 CVE-2023-7133 Unspecified vulnerability in Ruoyi 4.7.8
A vulnerability was found in y_project RuoYi 4.7.8.
network
low complexity
ruoyi
6.1
2023-12-01 CVE-2023-49371 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
network
low complexity
ruoyi CWE-89
critical
9.8
2023-08-11 CVE-2021-28411 Improper Privilege Management vulnerability in Ruoyi 3.4.0
An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.
network
low complexity
ruoyi CWE-269
critical
9.8
2023-07-21 CVE-2023-3815 Unspecified vulnerability in Ruoyi
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7.
network
low complexity
ruoyi
6.1
2023-06-08 CVE-2023-3163 SQL Injection vulnerability in Ruoyi
A vulnerability was found in y_project RuoYi up to 4.7.7.
network
low complexity
ruoyi CWE-89
7.5
2023-04-02 CVE-2023-27025 Download of Code Without Integrity Check vulnerability in Ruoyi
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.
network
low complexity
ruoyi CWE-494
7.5
2023-02-02 CVE-2022-48114 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
network
low complexity
ruoyi CWE-89
critical
9.8