CVE-2025-39350 – Rocket Apps wProject Missing Authorization Vulnerability

May 19, 2025

CVE ID : CVE-2025-39350

Published : May 19, 2025, 8:15 p.m. | 3 hours, 59 minutes ago

Description : Missing Authorization vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-39357 – Mojoomla Hospital Management System SQL Injection

Next Article CVE-2025-39356 – Chimpstudio Foodbakery Sticky Cart Object Injection Vulnerability

Highlights

CVE-2025-49843 – Conda-Smithy File Permission Bypass Vulnerability

June 17, 2025

CVE ID : CVE-2025-49843

Published : June 17, 2025, 9:15 p.m. | 1 hour, 16 minutes ago

Description : conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions exceeding 0o600, allowing read and write access beyond the intended user/owner. This violates the principle of least privilege, which mandates restricting file permissions to the minimum necessary. An attacker could exploit this to access configuration files in shared hosting environments. This issue has been patched in version 3.47.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Xbox layoffs and game cuts wreak havoc on talented developers and the company’s future portfolio — Weekend discussion 💬

Microsoft plans to revamp Recall in Windows 11 with these new features

This 4K OLED monitor has stereo speakers that follow you — but it’s missing something “imPORTant”

Flaget – new small 5kB CLI argument parser

Flaget – new small 5kB CLI argument parser

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Xbox layoffs and game cuts wreak havoc on talented developers and the company’s future portfolio — Weekend discussion 💬

Microsoft plans to revamp Recall in Windows 11 with these new features

CVE-2025-39350 – Rocket Apps wProject Missing Authorization Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

How Template Culture Is Dumbing Down UX

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The power of spread and rest patterns in JavaScript

CVE-2025-39365 – Rocket Apps wProject Cross-site Scripting

CVE-2025-49843 – Conda-Smithy File Permission Bypass Vulnerability

CVE-2025-49823 – Anaconda Constructor Command Injection Vulnerability

Error’d: Cuts Like a Knife

CVE-2025-0782 – H2O-3 S3 Bucket Public Write Privilege Escalation Vulnerability

CVE-2025-39350 – Rocket Apps wProject Missing Authorization Vulnerability

Related Posts