CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28405
https://notcve.org/view.php?id=CVE-2025-28405
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28406
https://notcve.org/view.php?id=CVE-2025-28406
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28406.md • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28407
https://notcve.org/view.php?id=CVE-2025-28407
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28407.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28408
https://notcve.org/view.php?id=CVE-2025-28408
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28409
https://notcve.org/view.php?id=CVE-2025-28409
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28410
https://notcve.org/view.php?id=CVE-2025-28410
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method does not properly validate whether the requesting user has administrative privileges • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28409.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28411
https://notcve.org/view.php?id=CVE-2025-28411
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28411.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28412
https://notcve.org/view.php?id=CVE-2025-28412
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28412.md • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-28413
https://notcve.org/view.php?id=CVE-2025-28413
07 Apr 2025 — An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component • https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28413.md • CWE-284: Improper Access Control •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1865 – Local Privilege Escalation in Virtual CloneDrive Kernel Driver
https://notcve.org/view.php?id=CVE-2025-1865
04 Apr 2025 — This allows creating files at arbitrary locations with full user control, ultimately allowing for privilege escalation to SYSTEM. • https://www.elby.ch/de/products/vcd.html • CWE-284: Improper Access Control •