VYPR

Yudao Cloud

by YunaiV

CVEs (10)

  • CVE-2026-7710 · High · May 4, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper…

  • CVE-2026-7679 · High · May 3, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in…

  • CVE-2026-5147 · High · Mar 30, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in SQL injection. It is possible to launch the attack remotely. The exploit…

  • CVE-2026-7678 · Medium · May 3, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to SQL injection. It is possible…

  • CVE-2025-15098 · Medium · Dec 26, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request…

  • CVE-2025-10987 · Medium · Sep 26, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is…

  • CVE-2025-10277 · Medium · Sep 12, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public…

  • CVE-2025-10275 · Medium · Sep 12, 2025
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has…

  • CVE-2026-9464 · Medium · May 25, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched…

  • CVE-2026-5148 · Medium · Mar 30, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes SQL injection. The attack can be initiated remotely. The exploit has been made…