| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4564 | yangzongzhuan RuoYi Quartz Job job code injection | yangzongzhuan | RuoYi | Medium | 4.7 | 2026-03-22 23:51:06 | Deep Dive |
| CVE-2026-2819 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization | Dromara | RuoYi-Vue-Plus | Medium | 6.3 | 2026-02-20 01:32:06 | Deep Dive |
| CVE-2025-14856 | y_project RuoYi getnames code injection | y_project | RuoYi | Medium | 6.3 | 2025-12-18 01:32:08 | Deep Dive |
| CVE-2025-10989 | yangzongzhuan RuoYi selectAll improper authorization | yangzongzhuan | RuoYi | Medium | 6.3 | 2025-09-26 00:32:11 | Deep Dive |
| CVE-2025-10988 | YunaiV ruoyi-vue-pro transfer improper authorization | YunaiV | ruoyi-vue-pro | Medium | 6.3 | 2025-09-26 00:32:07 | Deep Dive |
| CVE-2025-10473 | yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection | yangzongzhuan | RuoYi | Medium | 6.3 | 2025-09-15 19:02:06 | Deep Dive |
| CVE-2025-10384 | yangzongzhuan RuoYi Role cancelAll improper authorization | yangzongzhuan | RuoYi | Medium | 5.4 | 2025-09-13 19:32:07 | Deep Dive |
| CVE-2025-10278 | YunaiV ruoyi-vue-pro transfer improper authorization | YunaiV | ruoyi-vue-pro | Medium | 6.3 | 2025-09-12 03:32:07 | Deep Dive |
| CVE-2025-10276 | YunaiV ruoyi-vue-pro transfer improper authorization | YunaiV | ruoyi-vue-pro | Medium | 6.3 | 2025-09-12 02:02:06 | Deep Dive |
| CVE-2025-10218 | lostvip-com ruoyi-go Background Management SysRoleDao.go SelectListPage sql injection | lostvip-com | ruoyi-go | Medium | 6.3 | 2025-09-10 21:32:05 | Deep Dive |
| CVE-2025-9413 | lostvip-com ruoyi-go system_router.go SelectListByPage sql injection | lostvip-com | ruoyi-go | Medium | 6.3 | 2025-08-25 18:02:08 | Deep Dive |
| CVE-2025-9412 | lostvip-com ruoyi-go DictDataDao.go SelectListByPage sql injection | lostvip-com | ruoyi-go | Medium | 6.3 | 2025-08-25 17:32:07 | Deep Dive |
| CVE-2025-9411 | lostvip-com ruoyi-go LoginInforService.go SelectPageList sql injection | lostvip-com | ruoyi-go | Medium | 6.3 | 2025-08-25 17:02:06 | Deep Dive |
| CVE-2025-9410 | lostvip-com ruoyi-go GenTableDao.go SelectListByPage sql injection | lostvip-com | ruoyi-go | Medium | 6.3 | 2025-08-25 16:32:06 | Deep Dive |
| CVE-2025-9409 | lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal | lostvip-com | ruoyi-go | Medium | 4.3 | 2025-08-25 16:02:07 | Deep Dive |
| CVE-2025-8847 | yangzongzhuan RuoYi edit cross site scripting | yangzongzhuan | RuoYi | Low | 3.5 | 2025-08-11 13:02:07 | Deep Dive |
| CVE-2025-7907 | yangzongzhuan RuoYi Druid application-druid.yml default credentials | yangzongzhuan | RuoYi | Medium | 4.3 | 2025-07-20 20:32:05 | Deep Dive |
| CVE-2025-7906 | yangzongzhuan RuoYi CommonController.java uploadFile unrestricted upload | yangzongzhuan | RuoYi | Medium | 6.3 | 2025-07-20 19:32:05 | Deep Dive |
| CVE-2025-7903 | yangzongzhuan RuoYi Image Source ui layer | yangzongzhuan | RuoYi | Medium | 4.3 | 2025-07-20 16:32:06 | Deep Dive |
| CVE-2025-7902 | yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting | yangzongzhuan | RuoYi | Low | 3.5 | 2025-07-20 16:02:06 | Deep Dive |