VYPR
Vendor

y_project

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2025-14856MedDec 18, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in y_project RuoYi up to 4.8.1. The affected element is an unknown function of the file /monitor/cache/getnames. Such manipulation of the argument fragment leads to code injection. The attack can be executed remotely. The exploit has…

  • CVE-2022-4566MedDec 16, 2022
    risk 0.36cvss 5.5epss 0.01

    A vulnerability, which was classified as critical, has been found in y_project RuoYi 4.7.5. This issue affects some unknown processing of the file com/ruoyi/generator/controller/GenController. The manipulation leads to sql injection. The name of the patch is…

  • CVE-2023-7133MedDec 28, 2023
    risk 0.28cvss 4.3epss 0.01

    A vulnerability was found in y_project RuoYi 4.7.8. It has been declared as problematic. This vulnerability affects unknown code of the file /login of the component HTTP POST Request Handler. The manipulation of the argument rememberMe with the input…

  • CVE-2023-3815LowJul 21, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack…

  • CVE-2023-3163LowJun 8, 2023
    risk 0.23cvss 3.5epss 0.01

    A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.

  • CVE-2022-4348LowDec 8, 2022
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been…

  • CVE-2025-4819May 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible…

  • CVE-2025-0734Jan 27, 2025
    risk 0.00cvss epss 0.01

    A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been…

  • CVE-2024-9048Sep 21, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend…

  • CVE-2024-6511Jul 4, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The…