9.8
CVE-2025-28405 -
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
6.7
CVE-2025-28400 -
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
5.1
CVE-2025-3326 - iteaj iboot 物联网网关 File Upload upload cross site scripting
A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The ex…
5.3
CVE-2025-3325 - iteaj iboot 物联网网关 Admin Password pwd access control
A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack …
5.3
CVE-2025-3324 - godcheese/code-projects Nimrod FileRestController.java unrestricted upload
A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely.…
5.3
CVE-2025-3323 - godcheese/code-projects Nimrod ViewMenuCategoryRestController.java searchAllByName sql injection
A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely. …
9.3
CVE-2025-32013 - Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment S…
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request …
8.2
CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in disclosure of protected content to unauthenticated users. The con…
4.9
CVE-2025-31488 - Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of…
Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE …
5.3
CVE-2025-2259 - Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of th…