8.8

CVSS3.1

CVE-2025-28407 -

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges: the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId.

📅 Published: April 7, 2025, midnight 🔄 Last Modified: April 9, 2025, 7 p.m.

9.8

CVSS3.1

CVE-2025-28411 -

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave

📅 Published: April 7, 2025, midnight 🔄 Last Modified: April 9, 2025, 6:45 p.m.

6.1

CVSS3.1

CVE-2025-29594 -

A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripti…

📅 Published: April 7, 2025, midnight 🔄 Last Modified: April 8, 2025, 6:13 p.m.

5.5

CVSS3.1

CVE-2025-29480 - gdal: Buffer Overflow in GDAL

Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. NOTE: the Supplier indicates that the report is invalid and could not be reproduced.

📅 Published: April 7, 2025, midnight 🔄 Last Modified: July 24, 2025, 2:34 p.m.

9.8

CVSS3.1

CVE-2025-28405 -

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method

📅 Published: April 7, 2025, midnight 🔄 Last Modified: April 9, 2025, 4:41 p.m.

6.7

CVSS3.1

CVE-2025-28400 -

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method

📅 Published: April 7, 2025, midnight 🔄 Last Modified: April 9, 2025, 5:29 p.m.

5.1

CVSS4.0

CVE-2025-3326 - iteaj iboot 物联网网关 File Upload upload cross site scripting

A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The ex…

📅 Published: April 6, 2025, 11:31 p.m. 🔄 Last Modified: April 8, 2025, 6:53 p.m.

5.3

CVSS4.0

CVE-2025-3325 - iteaj iboot 物联网网关 Admin Password pwd access control

A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack …

📅 Published: April 6, 2025, 11 p.m. 🔄 Last Modified: April 8, 2025, 6:53 p.m.

5.3

CVSS4.0

CVE-2025-3324 - godcheese/code-projects Nimrod FileRestController.java unrestricted upload

A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely.…

📅 Published: April 6, 2025, 10:31 p.m. 🔄 Last Modified: April 7, 2025, 6:18 p.m.

5.3

CVSS4.0

CVE-2025-3323 - godcheese/code-projects Nimrod ViewMenuCategoryRestController.java searchAllByName sql injection

A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. …

📅 Published: April 6, 2025, 10 p.m. 🔄 Last Modified: July 17, 2025, 6:15 p.m.

Total results: 344062