{"vulnerability": "cve-2025-2840", "sightings": [{"uuid": "fb61a82a-e4e3-4056-af17-11edb28b63de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28401", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf4hz3p2r", "content": "", "creation_timestamp": "2025-04-07T17:12:11.628174Z"}, {"uuid": "9cf3fa6c-066c-4f8a-9fd6-5d859efea08e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28403", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf4sdky2h", "content": "", "creation_timestamp": "2025-04-07T17:12:12.364432Z"}, {"uuid": "16c4b3fd-5834-40b4-a49a-1984a8e64529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28400", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf4vqmd2f", "content": "", "creation_timestamp": "2025-04-07T17:12:12.955706Z"}, {"uuid": "de6c4ba8-f4f2-4fa1-8b3a-b5c2a6331f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28409", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf54e332g", "content": "", "creation_timestamp": "2025-04-07T17:12:14.112195Z"}, {"uuid": "b76fb3b8-cadc-4ddc-84c2-dcc7c05b0e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28405", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf5d6t32g", "content": "", "creation_timestamp": "2025-04-07T17:12:15.376145Z"}, {"uuid": "d7c14e0b-5ef4-4ae3-948d-512e5224e1ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28406", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf5gizw2c", "content": "", "creation_timestamp": "2025-04-07T17:12:16.035474Z"}, {"uuid": "4e23ebb2-6de6-4295-90bc-b1762a6d8810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28407", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf5noat2q", "content": "", "creation_timestamp": "2025-04-07T17:12:17.463585Z"}, {"uuid": "5c8df4ec-927b-430f-87bd-ea43401e2ad1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28402", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf5tead2b", "content": "", "creation_timestamp": "2025-04-07T17:12:18.105046Z"}, {"uuid": "4fbc54f2-8924-43e4-a60a-9cec320910f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28408", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmahf6tkmu2w", "content": "", "creation_timestamp": "2025-04-07T17:12:22.743148Z"}, {"uuid": "79d4c242-8ad3-4d27-91ab-7c3fe353515a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28407", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:40.000000Z"}, {"uuid": "3db31012-fdf4-4ade-a87b-2b5c61f3024d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28405", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:39.000000Z"}, {"uuid": "6093d6a4-462e-4751-9f37-68f91d8de935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28409", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:40.000000Z"}, {"uuid": "1b45ed24-c35b-4717-84db-cffc04883ce2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28406", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:40.000000Z"}, {"uuid": "31e42ee8-460c-451a-b16c-32130f8acba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28403", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-09-10T07:00:40.000000Z"}, {"uuid": "7eb2bd40-eb39-408e-9037-9f7f15949fe1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28405", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:38.000000Z"}, {"uuid": "0423af22-5111-4785-8934-3bc6b9ca0e30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28409", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:38.000000Z"}, {"uuid": "177b9101-49fc-4b82-bd7a-3ecc5ca63697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28407", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:38.000000Z"}, {"uuid": "221fa437-a61b-479e-a62c-dcfa9dbc47b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28406", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:38.000000Z"}, {"uuid": "0edc7e1c-85fb-48a5-a1e8-838815ebf46e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28403", "type": "seen", "source": "MISP/a1f4de80-fff0-4971-8020-da8f70ab57ea", "content": "", "creation_timestamp": "2025-08-09T17:25:38.000000Z"}, {"uuid": "fbfaf43a-7a55-466e-83e4-5988faa91163", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2840", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9540", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2840\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.\n\ud83d\udccf Published: 2025-03-29T07:03:29.710Z\n\ud83d\udccf Modified: 2025-03-29T07:03:29.710Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/3ff90774-f5f6-4d9c-9565-1cff31f9bec4?source=cve\n2. https://plugins.trac.wordpress.org/browser/dap-to-autoresponders-daar/trunk/infusionsoft_src/phpinfo.php#L3\n3. https://wordpress.org/plugins/dap-to-autoresponders-daar/#developers", "creation_timestamp": "2025-03-29T07:28:48.000000Z"}, {"uuid": "4563b78e-1af2-4bf9-b072-ee2c93ed8b46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28405", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10986", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28405\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T19:38:11.379Z\n\ud83d\udd17 References:\n1. https://github.com/yangzongzhuan/RuoYi\n2. https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28405.md", "creation_timestamp": "2025-04-08T19:47:23.000000Z"}, {"uuid": "a42994dc-76af-41fe-bafb-a59f2a0d68ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28407", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28407\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T19:36:15.195Z\n\ud83d\udd17 References:\n1. https://github.com/yangzongzhuan/RuoYi\n2. https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28407.md", "creation_timestamp": "2025-04-08T19:47:30.000000Z"}, {"uuid": "8b2e0e9e-8cd9-4bf3-bf0f-8e9529317e8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28403", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10983", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28403\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T19:39:33.734Z\n\ud83d\udd17 References:\n1. https://github.com/yangzongzhuan/RuoYi\n2. https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28403.md", "creation_timestamp": "2025-04-08T19:47:20.000000Z"}, {"uuid": "228844ba-056b-4673-87a3-f0d43898e137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28402", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10982", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28402\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T19:40:25.504Z\n\ud83d\udd17 References:\n1. https://github.com/yangzongzhuan/RuoYi\n2. https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28402.md", "creation_timestamp": "2025-04-08T19:47:19.000000Z"}, {"uuid": "49bd9de7-45fc-4307-867c-070faaff654f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28406", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10988", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28406\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T19:37:05.101Z\n\ud83d\udd17 References:\n1. https://github.com/yangzongzhuan/RuoYi\n2. https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28406.md", "creation_timestamp": "2025-04-08T19:47:28.000000Z"}, {"uuid": "acd2727e-7983-4788-a3d8-c68fa1a21f61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28408", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10995", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28408\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter\n\ud83d\udccf Published: 2025-04-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-08T19:34:46.004Z\n\ud83d\udd17 References:\n1. https://github.com/yangzongzhuan/RuoYi\n2. https://github.com/20210607/cve_public/blob/main/ruoyi_case/CVE-2025-28408.md", "creation_timestamp": "2025-04-08T19:47:37.000000Z"}, {"uuid": "72df694f-96b5-4a81-a812-f3d61deb1f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28400", "type": "seen", "source": "https://t.me/cvedetector/22330", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28400 - Apache Struts Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28400 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:59.000000Z"}, {"uuid": "a3404d5f-0e08-445e-bb73-18860a3bebf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28405", "type": "seen", "source": "https://t.me/cvedetector/22331", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28405 - RUoYi Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28405 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:45:00.000000Z"}, {"uuid": "b3cb7edc-2d0b-4464-87ec-2c73ba667eb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28408", "type": "seen", "source": "https://t.me/cvedetector/22329", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28408 - RUoYi Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28408 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the selectDeptTree method of the /selectDeptTree/{deptId} endpoint does not properly validate the deptId parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:55.000000Z"}, {"uuid": "3f07ac44-fd3d-4619-8782-db3315996634", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28407", "type": "seen", "source": "https://t.me/cvedetector/22328", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28407 - Apache RUoYi Unauthenticated Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28407 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to modify the specified dictId \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:54.000000Z"}, {"uuid": "873222fb-8a70-4ea0-b0d5-20f015d88513", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28406", "type": "seen", "source": "https://t.me/cvedetector/22327", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28406 - RUoYi Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28406 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobLogId parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:53.000000Z"}, {"uuid": "38aea967-11fe-413e-aac8-1e98c6826d91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28403", "type": "seen", "source": "https://t.me/cvedetector/22326", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28403 - RUoYi Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28403 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method does not properly validate whether the requesting user has administrative privileges before allowing modifications to system configuration settings \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:53.000000Z"}, {"uuid": "c1c6171a-e355-47bf-8010-ee9d5ce0b556", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28402", "type": "seen", "source": "https://t.me/cvedetector/22325", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28402 - Ruyi Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28402 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:52.000000Z"}, {"uuid": "ccb33417-099f-4cd9-93b2-077be2f6eee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28401", "type": "seen", "source": "https://t.me/cvedetector/22324", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28401 - \"RUoYi Privilege Escalation Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-28401 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:47.000000Z"}, {"uuid": "31c53915-6ba9-4760-87b3-bd9a4e2f6617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28409", "type": "seen", "source": "https://t.me/cvedetector/22319", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28409 - RUoYi Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28409 \nPublished : April 7, 2025, 4:15 p.m. | 27\u00a0minutes ago \nDescription : An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the add method of the /add/{parentId} endpoint does not properly validate whether the requesting user has permission to add a menu item under the specified parentId \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-07T18:44:40.000000Z"}, {"uuid": "347d1626-654a-413b-b494-f678f9b36b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2840", "type": "seen", "source": "https://t.me/cvedetector/21503", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2840 - WordPress DAP to Autoresponders Email Syncing Sensitive Information Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-2840 \nPublished : March 29, 2025, 7:15 a.m. | 2\u00a0hours, 2\u00a0minutes ago \nDescription : The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-29T10:28:55.000000Z"}]}