Security Vulnerabilities - CVEs Published In April 2025
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the SysDictTypeController component
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVSS Score: 6.7
EPSS Score: 0.004
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
CVSS Score: 6.7
EPSS Score: 0.004
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges because the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings
CVSS Score: 7.2
EPSS Score: 0.008
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges because the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId
CVSS Score: 8.8
EPSS Score: 0.007
Published: 2025-04-07
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges because the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter
CVSS Score: 9.8
EPSS Score: 0.01
Published: 2025-04-07
A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. It affects unknown processing in the DELETE Command Handler component. The manipulation leads to a buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score: 6.9
EPSS Score: 0.005
Published: 2025-04-07

