VYPR

Ruoyi Vue Plus

by Dromara

Source repositories

CVEs (3)

  • CVE-2026-2819MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be…

  • CVE-2025-66916Jan 8, 2026
    risk 0.00cvss epss 0.01

    The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing.

  • CVE-2025-6925Jun 30, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the…