CVE-2025-7898 – “Codcanyon iDentSoft File Upload Vulnerability”

July 20, 2025

CVE ID : CVE-2025-7898

Published : July 20, 2025, 4:15 p.m. | 7 hours, 2 minutes ago

Description : A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7901 – RuoYi Swagger UI Cross-Site Scripting Vulnerability

Next Article CVE-2025-7902 – Yangzongzhuan RuoYi Cross-Site Scripting Vulnerability

Highlights

CVE-2024-43394 – Apache HTTP Server Windows SSRF NTLM Hash Leak

July 10, 2025

CVE ID : CVE-2024-43394

Published : July 10, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via
mod_rewrite or apache expressions that pass unvalidated request input.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.

Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths.

The server offers limited protection against administrators directing the server to open UNC paths.
Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-7898 – “Codcanyon iDentSoft File Upload Vulnerability”

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

VS meldt actief misbruik van beveiligingslek in wifi-routers TP-Link

CVE-2025-6906 – Car Rental System SQL Injection Vulnerability

FOSS Weekly #25.17: Ubuntu 25.04 and Fedora 42 Release Follow-ups, Logseq, ZimaBoard and More

How to Add Custom Style Variations to WordPress Blocks

CVE-2024-43394 – Apache HTTP Server Windows SSRF NTLM Hash Leak

CVE-2025-24335 – Nokia Single RAN SOAP Message Input Validation Vulnerability

CVE-2025-29007 – LMSACE Connect Missing Authorization Vulnerability

CVE-2025-53027 – Oracle Virtualization VirtualBox Core Virtual Takeover

CVE-2025-7898 – “Codcanyon iDentSoft File Upload Vulnerability”

Related Posts