Vulnerabilities > Ruoyi
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-16 | CVE-2021-38241 | Deserialization of Untrusted Data vulnerability in Ruoyi Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code via weak cipher in Shiro framework. | 9.8 |
| 2022-12-16 | CVE-2022-4566 | SQL Injection vulnerability in Ruoyi 4.7.5 A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. | 9.8 |
| 2022-12-08 | CVE-2022-4348 | Improper Enforcement of Message or Data Structure vulnerability in Ruoyi Ruoyi-Cloud A vulnerability was found in y_project RuoYi-Cloud. | 6.1 |
| 2022-07-13 | CVE-2022-32065 | Cross-site Scripting vulnerability in Ruoyi An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. | 5.4 |
| 2022-03-30 | CVE-2022-23868 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Ruoyi 4.7.2 RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admin when a victim opens .xlsx log file. | 7.8 |
| 2022-03-30 | CVE-2022-23869 | Incorrect Permission Assignment for Critical Resource vulnerability in Ruoyi 4.7.2 In RuoYi v4.7.2 through the WebUI, user test1 does not have permission to reset the password of user test3, but the password of user test3 can be reset through the /system/user/resetPwd request. | 6.5 |