PT-2025-15468 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla versions prior to 2.1.1 and 3.3.1 Description: The issue arises from improper handling of identifiers, leading to a SQL injection vulnerability in the quoteNameStr method of the database package. This method is protected and has no...
UNA CMS 14.0.0-RC - PHP Object Injection
Exploit Title: UNA CMS <= 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...
CVE-2025-28411
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave...
CVE-2025-28408
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/deptId endpoint, which does not properly validate the deptId parameter...
CVE-2025-28403
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings...
CVE-2024-43065
CVE-2024-43065 affects Qualcomm chipsets with cryptographic issues in the generation of asymmetric key pairs for RKP use cases. The root cause is a flaw in how key material is generated, leading to potential weaknesses in confidentiality and integrity. The CVSS base metrics indicate a high impact...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20250402T160203 2025-04-02T16:02:03Z jscPED-11136 GO-2025-3443 GO-2025-3581 GO-2025-3582 GO-2025-3583 GO-2025-3584 GO-2025-3585 GO-2025-3586 GO-2025-3587 GO-2025-3588 Patch Instructions: To install this SUSE upda...
Exploit for Improper Input Validation in Microsoft
CVE-2023-23397 Exploitation & Mitigation Demo 📌 Overview...
jinja2: Jinja sandbox breakout through attr filter selecting format method
A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content o...
CVE-2025-28400
CVE-2025-28400 affects RUoYi v4.8.0. A remote attacker can escalate privileges via the postID parameter in the edit method. Documented impact includes elevated privileges; CVSSv3.1 base score 6.7 (Medium). No explicit exploit details are provided in the connected documents. Remediation details ar...
CVE-2025-28412
CVE-2025-28412 affects RUoYi v4.8.0. The issue enables a remote attacker to escalate privileges through the SysNoticeController.editSave method. Root cause details are not fully disclosed in the provided documents, but multiple sources confirm a privilege escalation vulnerability with a high/crit...
PT-2025-15238 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the postID parameter in the edit method. Recommendations: For RUoYi version 4.8.0, consider disabling the edit method until a patch is...
PT-2025-15250 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges. Recommendations:...
📄 AC Repair and Services System 1.0 SQL Injection
AC Repair and Services System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Titles: AC Repair and Services System - ARSS-1.0-Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 04/05/2025 Vendor: https://github.com/oretnom23 Software:...
RuoYi security vulnerability
RuoYi is a backend management system by the RuoYi developer in China. A security vulnerability exists in RuoYi v.4.8.0, which stems from the edit method not properly verifying the privileges of the requesting user, which could result in modifying the specified dictId...
CVE-2025-28410
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges...
CVE-2025-28410
CVE-2025-28410 concerns RUoYi v4.8.0. Multiple sources (NVD, Red Hat, OSV, CIRCL, ENISA EUVD) describe a privilege-escalation flaw in the remote procedure cancelAuthUserAll, where the request is not properly validated for administrative privileges. This enables an attacker to escalate from a non-...
CVE-2025-28405
Summary: CVE-2025-28405 affects RUoYi v4.8.0 and allows a remote attacker to escalate privileges via the changeStatus method. The issue is exploitable over the network with no user interaction, and the base CVSSv3.1 score is 9.8 (CRITICAL), with high impact on confidentiality, integrity, and ava...
RuoYi security vulnerability
RuoYi is a backend management system by the RuoYi developer in China. A security vulnerability exists in RuoYi version v.4.8.0, which stems from the editSave method not properly verifying the requesting user's privileges, which may result in modification of the system configuration...