Security Vulnerabilities - CVEs Published In July 2025
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array.
CVSS Score
5.3
EPSS Score
0.004
Published
2025-07-01
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function.
CVSS Score
6.5
EPSS Score
0.003
Published
2025-07-01
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a user's account. With a specially timed requests and redirect flows, an attacker could generate multiple authorization codes that could be used to exchange for access and refresh tokens. This was possible even after de-authorizing the particular application. This issue has been patched in version 25.5.0. Self-hosted Sentry users should upgrade to version 25.5.0 or higher. Sentry SaaS users do not need to take any action.
CVSS Score
5.5
EPSS Score
0.003
Published
2025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.5
EPSS Score
0.003
Published
2025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.5
EPSS Score
0.003
Published
2025-07-01
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
CVSS Score
7.5
EPSS Score
0.008
Published
2025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.5
EPSS Score
0.003
Published
2025-07-01
A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.4
EPSS Score
0.014
Published
2025-07-01
A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.5
EPSS Score
0.003
Published
2025-07-01
A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.5
EPSS Score
0.003
Published
2025-07-01