CVE-2025-7412 – “Code-Projects Library System Unrestricted File Upload Vulnerability”

July 10, 2025

CVE ID : CVE-2025-7412

Published : July 10, 2025, 8:15 p.m. | 2 hours, 24 minutes ago

Description : A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7413 – Code-projects Library System Unrestricted File Upload Vulnerability

Next Article CVE-2025-7021 – OpenAI Operator SaaS Fullscreen API Spoofing and UI Redressing

Highlights

CVE-2025-2523 – “Honeywell Experion PKS and OneWireless WDM Integer Underflow Vulnerability Allows Remote Code Execution”

July 10, 2025

CVE ID : CVE-2025-2523

Published : July 10, 2025, 9:15 p.m. | 59 minutes ago

Description : The Honeywell Experion PKS

and OneWireless WDM

contains an Integer Underflow

vulnerability

in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution.

Honeywell recommends updating to the most recent version of

Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1.

The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

Severity: 9.4 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-4547 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

May 11, 2025

CVE-2025-49181 – Apache Log Service Unauthenticated API Endpoint Information Disclosure and Configuration Modification Vulnerability

June 12, 2025

Windsurf Launches SWE-1: A Frontier AI Model Family for End-to-End Software Engineering

May 17, 2025

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

CVE-2025-7412 – “Code-Projects Library System Unrestricted File Upload Vulnerability”

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

Hack the model: Build AI security skills with the GitHub Secure Code Game

Windows 10 removes Start menu jump lists (file list) for tiles in April 2025 Update

Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine

CVE-2025-7127 – iSourcecode Employee Management System SQL Injection Vulnerability

CVE-2025-2523 – “Honeywell Experion PKS and OneWireless WDM Integer Underflow Vulnerability Allows Remote Code Execution”

CVE-2025-4547 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

CVE-2025-49181 – Apache Log Service Unauthenticated API Endpoint Information Disclosure and Configuration Modification Vulnerability

Windsurf Launches SWE-1: A Frontier AI Model Family for End-to-End Software Engineering

CVE-2025-7412 – “Code-Projects Library System Unrestricted File Upload Vulnerability”

Related Posts