| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2819 | Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization | Dromara | RuoYi-Vue-Plus | Medium | 6.3 | 2026-02-20 01:32:06 | Deep Dive |
| CVE-2026-22786 | Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal | flipped-aurora | gin-vue-admin | - | - | 2026-01-12 21:09:02 | Deep Dive |
| CVE-2025-66410 | Gin-vue-admin has an arbitrary file deletion vulnerability | flipped-aurora | gin-vue-admin | - | - | 2025-12-01 22:29:00 | Deep Dive |
| CVE-2025-10988 | YunaiV ruoyi-vue-pro transfer improper authorization | YunaiV | ruoyi-vue-pro | Medium | 6.3 | 2025-09-26 00:32:07 | Deep Dive |
| CVE-2025-10278 | YunaiV ruoyi-vue-pro transfer improper authorization | YunaiV | ruoyi-vue-pro | Medium | 6.3 | 2025-09-12 03:32:07 | Deep Dive |
| CVE-2025-10276 | YunaiV ruoyi-vue-pro transfer improper authorization | YunaiV | ruoyi-vue-pro | Medium | 6.3 | 2025-09-12 02:02:06 | Deep Dive |
| CVE-2025-53892 | Intlify Vue I18n's escapeParameterHtml does not prevent DOM-based XSS via tag attributes like onerror | intlify | vue-i18n | - | - | 2025-07-16 13:42:09 | Deep Dive |
| CVE-2025-6925 | Dromara RuoYi-Vue-Plus Mail MailController.java path traversal | Dromara | RuoYi-Vue-Plus | Medium | 5.3 | 2025-06-30 18:02:06 | Deep Dive |
| CVE-2025-6099 | szluyu99 gin-vue-blog PATCH Request manager.go improper authorization | szluyu99 | gin-vue-blog | Medium | 5.3 | 2025-06-16 01:00:16 | Deep Dive |
| CVE-2025-5897 | vuejs vue-cli Markdown Code HtmlPwaPlugin.js HtmlPwaPlugin redos | vuejs | vue-cli | Medium | 4.3 | 2025-06-09 21:00:17 | Deep Dive |
| CVE-2025-4537 | yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie | yangzongzhuan | RuoYi-Vue | Low | 3.1 | 2025-05-11 09:31:05 | Deep Dive |
| CVE-2025-3850 | YXJ2018 SpringBoot-Vue-OnlineExam API improper authentication | YXJ2018 | SpringBoot-Vue-OnlineExam | Low | 3.7 | 2025-04-22 00:00:13 | Deep Dive |
| CVE-2025-3849 | YXJ2018 SpringBoot-Vue-OnlineExam studentPWD unverified password change | YXJ2018 | SpringBoot-Vue-OnlineExam | Medium | 4.3 | 2025-04-21 23:31:05 | Deep Dive |
| CVE-2025-2744 | zhijiantianya ruoyi-vue-pro Material Upload Interface upload-news-image path traversal | zhijiantianya | ruoyi-vue-pro | Medium | 5.4 | 2025-03-25 07:00:12 | Deep Dive |
| CVE-2025-2743 | zhijiantianya ruoyi-vue-pro Material Upload Interface upload-temporary path traversal | zhijiantianya | ruoyi-vue-pro | Medium | 4.3 | 2025-03-25 07:00:10 | Deep Dive |
| CVE-2025-2742 | zhijiantianya ruoyi-vue-pro Material Upload Interface upload-permanent path traversal | zhijiantianya | ruoyi-vue-pro | Medium | 5.4 | 2025-03-25 06:31:07 | Deep Dive |
| CVE-2025-2708 | zhijiantianya ruoyi-vue-pro Backend File Upload Interface upload path traversal | zhijiantianya | ruoyi-vue-pro | Medium | 5.4 | 2025-03-24 19:31:04 | Deep Dive |
| CVE-2025-2707 | zhijiantianya ruoyi-vue-pro Front-End Store Interface upload path traversal | zhijiantianya | ruoyi-vue-pro | Medium | 5.4 | 2025-03-24 19:00:06 | Deep Dive |
| CVE-2025-27597 | Vue I18n Prototype Pollution in `handleFlatJson` | intlify | vue-i18n | 超危 | - | 2025-03-07 15:51:40 | Deep Dive |
| CVE-2025-2040 | zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine | zhijiantianya | ruoyi-vue-pro | Medium | 6.3 | 2025-03-06 20:00:12 | Deep Dive |