
CVE-2025-30473 – Apache Airflow Common SQL Provider: Remote Code Execution via SQL Injection
https://notcve.org/view.php?id=CVE-2025-30473
07 Apr 2025 — When using the partition clause in SQLTableCheckOperator as a parameter (which was a recommended pattern), an authenticated UI user could inject arbitrary SQL commands when triggering a DAG that exposes partition_clause to the user. This allowed the DAG-triggering user to escalate privileges to execute those arbitrary commands which they normally would not have. • https://github.com/apache/airflow/pull/48098 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2025-20662
https://notcve.org/view.php?id=CVE-2025-20662
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •

CVE-2025-20661
https://notcve.org/view.php?id=CVE-2025-20661
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •

CVE-2025-20660
https://notcve.org/view.php?id=CVE-2025-20660
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •

CVE-2025-20658
https://notcve.org/view.php?id=CVE-2025-20658
07 Apr 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-20657
https://notcve.org/view.php?id=CVE-2025-20657
07 Apr 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-20656
https://notcve.org/view.php?id=CVE-2025-20656
07 Apr 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-787: Out-of-bounds Write •

CVE-2025-28400
https://notcve.org/view.php?id=CVE-2025-28400
07 Apr 2025 — An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28400.md • CWE-269: Improper Privilege Management •

CVE-2025-28401
https://notcve.org/view.php?id=CVE-2025-28401
07 Apr 2025 — An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter • https://github.com/yangzongzhuan/RuoYi • CWE-269: Improper Privilege Management •

CVE-2025-28402
https://notcve.org/view.php?id=CVE-2025-28402
07 Apr 2025 — An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md •