CVE-2025-3855 – CodeCanyon RISE Ultimate Project Manager File Inclusion Vulnerability

April 21, 2025

CVE ID : CVE-2025-3855

Published : April 22, 2025, 1:15 a.m. | 1 hour, 21 minutes ago

Description : A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3850 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Authentication Bypass Vulnerability

Next Article CVE-2024-58250 – ppp Passprompt Privilege Escalation Vulnerability

Highlights

CVE-2025-48187 – RAGFlow Authentication Bypass

May 17, 2025

CVE ID : CVE-2025-48187

Published : May 17, 2025, 1:15 p.m. | 3 hours, 53 minutes ago

Description : RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-3855 – CodeCanyon RISE Ultimate Project Manager File Inclusion Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Phishing Up 175%: India’s New Cyber Report Flags BFSI Sector Vulnerabilities

CVE-2025-5513 – Quequnlong Shiyi-Blog Cross-Site Scripting Vulnerability

Top 10 Drone Show Ideas That Will Wow Your Wedding Guests in 2025

Canadese overheid meldt aanval op telecombedrijf via bekend Cisco-lek

CVE-2025-48187 – RAGFlow Authentication Bypass

Google May Lose Chrome, And OpenAI’s First in Line to Grab It

CVE-2025-49593 – Portainer Exposed Registry Authentication Credentials Leakage

Distribution Release: SparkyLinux 7.8

CVE-2025-3855 – CodeCanyon RISE Ultimate Project Manager File Inclusion Vulnerability

Related Posts