Vulnerabilities > Ruoyi

DATE CVE VULNERABILITY TITLE RISK
2024-09-21 CVE-2024-9048 Cross-site Scripting vulnerability in Ruoyi
A vulnerability was found in y_project RuoYi up to 4.7.9.
network
low complexity
ruoyi CWE-79
6.1
2024-08-26 CVE-2024-42913 SQL Injection vulnerability in Ruoyi 4.7.9
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1.
network
low complexity
ruoyi CWE-89
critical
9.8
2024-07-19 CVE-2024-41599 Cross-site Scripting vulnerability in Ruoyi
Cross-site scripting vulnerability in RuoYi v4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method.
network
low complexity
ruoyi CWE-79
6.1
2023-12-28 CVE-2023-7133 Cross-site Scripting vulnerability in Ruoyi 4.7.8
A vulnerability was found in y_project RuoYi 4.7.8.
network
low complexity
ruoyi CWE-79
6.1
2023-12-01 CVE-2023-49371 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
network
low complexity
ruoyi CWE-89
critical
9.8
2023-08-11 CVE-2021-28411 Improper Privilege Management vulnerability in Ruoyi 3.4.0
An issue discovered in the getRememberedSerializedIdentity function in the CookieRememberMeManager class in lerry903 RuoYi version 3.4.0 allows remote attackers to escalate privileges.
network
low complexity
ruoyi CWE-269
critical
9.8
2023-07-21 CVE-2023-3815 Cross-site Scripting vulnerability in Ruoyi
A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7.
network
low complexity
ruoyi CWE-79
6.1
2023-06-08 CVE-2023-3163 SQL Injection vulnerability in Ruoyi
A vulnerability was found in y_project RuoYi up to 4.7.7.
network
low complexity
ruoyi CWE-89
7.5
2023-04-02 CVE-2023-27025 Download of Code Without Integrity Check vulnerability in Ruoyi
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files from the server.
network
low complexity
ruoyi CWE-494
7.5
2023-02-02 CVE-2022-48114 SQL Injection vulnerability in Ruoyi
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable.
network
low complexity
ruoyi CWE-89
critical
9.8