
CVSS: 3.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 May 2025 — A vulnerability classified as problematic has been found in y_project RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The complexity of an attack is rather high. • https://github.com/chujianxin0101/vuln/issues/4 • CWE-266: Incorrect Privilege Assignment; CWE-285: Improper Authorization

CVSS: 5.8 | EPSS: 0% | CPEs: 9 | EXPL: 1

27 Jan 2025 — A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/GSBP0/3c1b0f9dbdd2a48b8f52330cfbbc279b • CWE-20: Improper Input Validation; CWE-502: Deserialization of Untrusted Data

CVSS: 6.3 | EPSS: 0% | CPEs: 10 | EXPL: 1

21 Sep 2024 — A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross-site scripting. The attack can be launched remotely. • https://vuldb.com/?id.278215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 10 | EXPL: 1

04 Jul 2024 — A vulnerability classified as problematic was found in y_project RuoYi up to 4.7.9. Affected by this vulnerability is the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/y_project/RuoYi/issues/IA8O7O • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

21 Oct 2014 — The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/331785 • CWE-310: Cryptographic Issues

CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Oct 2014 — The Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/561289 • CWE-310: Cryptographic Issues