Development

CVE ID : CVE-2025-7123

Published : July 7, 2025, 10:15 a.m. | 2 hours, 54 minutes ago

Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipulation of the argument cid/uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7124

Published : July 7, 2025, 11:15 a.m. | 1 hour, 53 minutes ago

Description : A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0. Affected is an unknown function of the file /dashboard/userprofile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7125

Published : July 7, 2025, 11:15 a.m. | 1 hour, 53 minutes ago

Description : A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7126

Published : July 7, 2025, 12:15 p.m. | 54 minutes ago

Description : A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminprofile.php. The manipulation of the argument AdminName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7127

Published : July 7, 2025, 12:15 p.m. | 54 minutes ago

Description : A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access

Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers.
The vulnerabilities, track …
Read more

Published Date:
Jul 07, 2025 (5 hours, 39 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-47228

CVE-2025-47227

It’s no secret that our colleagues are the key to Perficient’s success. We have some of the best and brightest…

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in…

Laravel’s content type inspection methods enable sophisticated content negotiation. Use getAcceptableContentTypes and accepts methods to build flexible endpoints that serve…

The Pipe Operator is scheduled for release with PHP 8.5 on November 20, 2025. Learn how to chain multiple callables…

React.js is the most popular front-end JS framework. There are a few ways to use React in Laravel projects, and…

If you didn’t hear about Iranian hackers breaching US water facilities, it’s because they only managed to control a single pressure…

CVE ID : CVE-2025-7114

Published : July 7, 2025, 6:15 a.m. | 3 hours, 32 minutes ago

Description : A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7115

Published : July 7, 2025, 6:15 a.m. | 3 hours, 32 minutes ago

Description : A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is expected that this issue will be fixed in the near future.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-41672

Published : July 7, 2025, 7:15 a.m. | 2 hours, 32 minutes ago

Description : A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7117

Published : July 7, 2025, 7:15 a.m. | 2 hours, 32 minutes ago

Description : A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7116

Published : July 7, 2025, 7:15 a.m. | 2 hours, 32 minutes ago

Description : A vulnerability classified as critical has been found in UTT 进取 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7118

Published : July 7, 2025, 8:15 a.m. | 59 minutes ago

Description : A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7119

Published : July 7, 2025, 8:15 a.m. | 1 hour, 32 minutes ago

Description : A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3920

Published : July 7, 2025, 9:15 a.m. | 32 minutes ago

Description : A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application’s installation directory could extract these credentials, potentially leading to a complete compromise of the application’s administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…