Security Vulnerabilities - CVEs Published In July 2025
Authentication vulnerability in the distributed collaboration framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.9
EPSS Score
0.001
Published
2025-07-07
Vulnerability of bypassing the process to start SA and use related functions on distributed cameras
Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.
CVSS Score
5.7
EPSS Score
0.001
Published
2025-07-07
Vulnerability of bypassing the process to start SA and use related functions on distributed cameras
Impact: Successful exploitation of this vulnerability may allow the peer device to use the camera without user awareness.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-07-07
Null pointer dereference vulnerability in the application exit cause module
Impact: Successful exploitation of this vulnerability may affect function stability.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-07-07
Stack overflow risk when vector images are parsed during file preview
Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-07-07
Stack overflow risk when vector images are parsed during file preview
Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20. It has been rated as critical. This issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.1
EPSS Score
0.002
Published
2025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.1
EPSS Score
0.003
Published
2025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20. It has been declared as critical. This vulnerability affects unknown code of the file application/update/controller/Server.php. The manipulation of the argument phone leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.1
EPSS Score
0.002
Published
2025-07-07
A vulnerability was found in BoyunCMS up to 1.4.20 and classified as critical. Affected by this issue is some unknown functionality of the file /application/user/controller/Index.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.1
EPSS Score
0.003
Published
2025-07-07