Total: 4157 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-28413 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component | |||||
| CVE-2025-28412 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the /editSave method in SysNoticeController | |||||
| CVE-2025-28411 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave | |||||
| CVE-2025-28410 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the cancelAuthUserAll method, which does not properly validate whether the requesting user has administrative privileges | |||||
| CVE-2025-28409 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint, which does not properly validate whether the requesting user has permission to add a menu item under the specified parentId | |||||
| CVE-2025-28408 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint, which does not properly validate the deptId parameter | |||||
| CVE-2025-28407 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint, which does not properly validate whether the requesting user has permission to modify the specified dictId | |||||
| CVE-2025-28406 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter | |||||
| CVE-2025-28405 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method | |||||
| CVE-2025-28403 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 7.2 HIGH |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method, which does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings | |||||
| CVE-2025-28402 | 1 Ruoyi | 1 Ruoyi | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter | |||||
| CVE-2025-28371 | 1 Engeniustech | 2 Enh500, Enh500 Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| EnGenius ENH500 AP 2T2R V3.0 FW3.7.22 is vulnerable to Incorrect Access Control via the password change function. The device fails to validate the current password, allowing an attacker to submit a password change request with an invalid current password and set a new password. | |||||
| CVE-2025-28367 | 1 Mojoportal | 1 Mojoportal | 2026-06-17 | N/A | 6.5 MEDIUM |
| mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller - ImageHandler Action. An attacker can exploit this vulnerability to access the Web.Config file and obtain the MachineKey. | |||||
| CVE-2025-28233 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack. | |||||
| CVE-2025-28232 | 1 Jmbroadcast | 2 Jmb0150, Jmb0150 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication. | |||||
| CVE-2025-28231 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges. | |||||
| CVE-2025-28229 | 1 Orban | 2 Optimod 5950, Optimod 5950 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges. | |||||
| CVE-2025-28201 | 1 Govicture | 2 Rx1800, Rx1800 Firmware | 2026-06-17 | N/A | 6.8 MEDIUM |
| An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access. | |||||
| CVE-2025-28104 | 1 Dogukanurker | 1 Flaskblog | 2026-06-17 | N/A | 9.1 CRITICAL |
| Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input. | |||||
| CVE-2025-28041 | 1 Liaoxuefeng | 1 Itranswarp | 2026-06-17 | N/A | 8.6 HIGH |
| Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication. | |||||
