Yunaiv Ruoyi-Vue-Pro vulnerabilities
4 known vulnerabilities affecting yunaiv/ruoyi-vue-pro.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4
Vulnerabilities
Page 1 of 1
CVE-2025-10988P3HIGHCVSS 8.8v2025.092025-09-26
CVE-2025-10988 [HIGH] CWE-266 CVE-2025-10988: A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part o
A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not res
nvd
CVE-2025-10278P3HIGHCVSS 8.8v2025.092025-09-12
CVE-2025-10278 [HIGH] CWE-266 CVE-2025-10278: A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this d
nvd
CVE-2025-10276P3HIGHCVSS 8.8v2025.092025-09-12
CVE-2025-10276 [HIGH] CWE-266 CVE-2025-10276: A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability
A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The ven
nvd
CVE-2026-13528P3HIGHCVSS 7.3v2026.04-jdk8-SNAPSHOT2026-06-29
CVE-2026-13528 [HIGH] CWE-22 CVE-2026-13528: A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The imp
A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The impacted element is the function generateUploadPath of the file yudao-module-infra/src/main/java/cn/iocoder/yudao/module/infra/service/file/FileServiceImpl.java of the component AppFileController File Upload Endpoint. Performing a manipulation results in pa
nvd