Feng123123

#11813of 53,632
23.2Total CVSS
Vulnerabilities · 4
Low
1
Medium
3
PT-2026-42934
3.7
2026-05-24
Unknown · Jeecg-Boot · CVE-2026-9373
**Name of the Vulnerable Software and Affected Versions** JeecgBoot version 3.9.1 **Description** An improper authentication issue exists in the OpenAPI Endpoint component due to the processing of the '/openapi/call/' endpoint. This flaw allows for remote execution, although it is characterized by high complexity and difficult exploitability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-42935
6.5
2026-05-24
Yangzongzhuan · Ruoyi-Vue · CVE-2026-9374
**Name of the Vulnerable Software and Affected Versions** yangzongzhuan RuoYi-Vue versions prior to 3.9.3 **Description** A flaw in the Common Upload Endpoint component allows for unrestricted file upload. This issue occurs within the `FileUploadUtils.upload()` function located in the '/common/upload' endpoint and can be exploited remotely through manipulation. **Recommendations** Update to a version later than 3.9.2. As a temporary workaround, restrict access to the '/common/upload' endpoint or disable the `FileUploadUtils.upload()` function until a patch is applied.
PT-2026-42936
6.5
2026-05-24
Jpress · Jpress · CVE-2026-9376
**Name of the Vulnerable Software and Affected Versions** JPress versions prior to 1.0.4 **Description** An improper authorization issue exists in the UCenter Article Submission Endpoint within the file '/ucenter/article/doWriteSave'. A remote attacker can manipulate the `id`/`userId` arguments to bypass authorization controls. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/ucenter/article/doWriteSave' endpoint to minimize the risk of exploitation.
PT-2026-20990
6.5
2026-02-20
Dromara · Ruoyi-Vue-Plus · CVE-2026-2819
**Name of the Vulnerable Software and Affected Versions** Dromara RuoYi-Vue-Plus versions through 5.5.3 **Description** A missing authorization issue exists in the Workflow Module of Dromara RuoYi-Vue-Plus. The issue affects the `SaServletFilter` function within the `/workflow/instance/deleteByInstanceIds` file. This allows for remote exploitation due to a lack of proper authorization checks. The exploit is publicly available. **Recommendations** Update to a version beyond 5.5.3. As a temporary workaround, restrict access to the `/workflow/instance/deleteByInstanceIds` file and the `SaServletFilter` function.