RuoYi CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Review RuoYi CVE published 2026-06-15

CVE-2026-38812

CVE-2026-38812 is a SQL Injection vulnerability in RuoYi v4.8.2. The issue exists in the code generation module and is accessible via the /tool/gen/createTable endpoint. An authenticated attacker with administrative privileges may be able to access sensitive database information. For more information, see resourceLinkAnnotations: [cve-org], [nvd], [ref-4].

Review RuoYi CVE published 2026-06-15

CVE-2026-37216

CVE-2026-37216 is a Cross Site Scripting (XSS) vulnerability in Ruoyi 4.8.2. The vulnerability exists at the interface /system/notice/add. The CVE was published and modified on 2026-06-15T20:16:26.250Z.