VYPR
Vendor: Yangzongzhuan

Products: 1
CVEs: 16
Across products: 16
Status: Private

Recent CVEs (16)

  • CVE-2026-9374 | Med | May 24, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.9.2. Impacted is the function FileUploadUtils.upload of the file /common/upload of the component Common Upload Endpoint. Performing a manipulation results in unrestricted upload. The attack is possible to be carried…

  • CVE-2025-10989 | Med | Sep 26, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely.…

  • CVE-2025-10473 | Med | Sep 15, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched…

  • CVE-2025-7906 | Med | Jul 20, 2025
    risk 0.41 | cvss 6.3 | epss 0.00

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to…

  • CVE-2026-37216 | Med | Jun 15, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    RuoYi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.

  • CVE-2026-4564 | Med | Mar 23, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulation of the argument invokeTarget leads to code injection. It is possible to…

  • CVE-2025-7907 | Med | Jul 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It…

  • CVE-2025-7903 | Med | Jul 20, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be…

  • CVE-2025-8847 | Low | Aug 11, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The…

  • CVE-2025-7902 | Low | Jul 20, 2025
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack…

  • CVE-2025-70986 | Jan 23, 2026
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.

  • CVE-2025-70985 | Jan 23, 2026
    risk 0.00 | cvss | epss 0.00

    Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope.

  • CVE-2024-57521 | Dec 23, 2025
    risk 0.00 | cvss | epss 0.01

    SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.

  • CVE-2025-67342 | Dec 12, 2025
    risk 0.00 | cvss | epss 0.00

    RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu…

  • CVE-2025-7901 | Jul 20, 2025
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting.…

  • CVE-2025-4537 | May 11, 2025
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext…