5.5
CVE-2025-29478
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
9.8
CVE-2025-28410
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges.
6.2
CVE-2025-29481 - libbpf: Heap Buffer Overflow in libbpf
Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker to execute arbitrary code via the bpf_object__init_prog function of libbpf. This has been disputed by third parties who assert that "no one in their sane mind should be passing untrusted ELF files into libbpf while running under…
9.8
CVE-2025-28406
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
8.8
CVE-2025-28409
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId.
9.8
CVE-2025-28408
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter.
5.4
CVE-2024-46494
A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under a comment for an Article.
4.0
CVE-2025-29479 - hiredis: Heap Buffer Overflow in Hiredis
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
9.8
CVE-2025-28412
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController
9.8
CVE-2025-28402
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter