20210607/cve_public

Releases0

Stars5

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-28399 ↗	Apr 15, 2025Tuesday, 15 April 2025, 19:16	9.8 CRITICAL	—
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class.
CVE-2025-28409 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	8.8 HIGH	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId
CVE-2025-28413 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component
CVE-2025-28412 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
CVE-2025-28411 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave
CVE-2025-28410 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges
CVE-2025-28403 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	7.2 HIGH	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings
CVE-2025-28408 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter
CVE-2025-28407 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	8.8 HIGH	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId
CVE-2025-28406 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
CVE-2025-28405 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
CVE-2025-28402 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	9.8 CRITICAL	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVE-2025-28400 ↗	Apr 7, 2025Monday, 7 April 2025, 16:15	6.7 MEDIUM	—
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method