Vulnerabilities > Ruoyi
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-21 | CVE-2024-9048 | Cross-site Scripting vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.9. | 6.1 |
2024-08-26 | CVE-2024-42913 | SQL Injection vulnerability in Ruoyi 4.7.9 RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | 9.8 |
2024-07-19 | CVE-2024-41599 | Cross-site Scripting vulnerability in Ruoyi Cross Site Scripting vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the file upload method | 6.1 |
2023-12-28 | CVE-2023-7133 | Unspecified vulnerability in Ruoyi 4.7.8 A vulnerability was found in y_project RuoYi 4.7.8. | 6.1 |
2023-12-01 | CVE-2023-49371 | SQL Injection vulnerability in Ruoyi RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. | 9.8 |
2023-08-11 | CVE-2021-28411 | Improper Privilege Management vulnerability in Ruoyi 3.4.0 An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges. | 9.8 |
2023-07-21 | CVE-2023-3815 | Unspecified vulnerability in Ruoyi A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. | 6.1 |
2023-06-08 | CVE-2023-3163 | SQL Injection vulnerability in Ruoyi A vulnerability was found in y_project RuoYi up to 4.7.7. | 7.5 |
2023-04-02 | CVE-2023-27025 | Download of Code Without Integrity Check vulnerability in Ruoyi An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. | 7.5 |
2023-02-02 | CVE-2022-48114 | SQL Injection vulnerability in Ruoyi RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | 9.8 |