CVE-2025-7151
published 2025-07-07CVE-2025-7151: A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file…
PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.36%
27.7th percentile
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| campcodes | advanced_online_voting_system | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
vendor_msrc8.8HIGH
vendor_redhat5.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pr8x-7ghp-f6mv: A vulnerability was found in Campcodes Advanced Online Voting System 1
ghsa_unreviewed·2025-07-08
CVE-2025-7151 [MEDIUM] CWE-284 GHSA-pr8x-7ghp-f6mv: A vulnerability was found in Campcodes Advanced Online Voting System 1
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Microsoft
Chromium: CVE-2025-5419 Out of bounds read and write in V8
vendor_msrc·2025-06-10·CVSS 8.8
CVE-2025-5419 [HIGH] Chromium: CVE-2025-5419 Out of bounds read and write in V8
Chromium: CVE-2025-5419 Out of bounds read and write in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2025-5419 exists in the wild.
FAQ: What is the version information for this release?
Microsoft Edge Version
Date Released
Based on Chromium Version
137.0.3296.62
6/3/2025
137.0.7151.68/.69
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromiu
Microsoft
Chromium: CVE-2025-5068 Use after free in Blink
vendor_msrc·2025-06-10·CVSS 8.8
CVE-2025-5068 [HIGH] Chromium: CVE-2025-5068 Use after free in Blink
Chromium: CVE-2025-5068 Use after free in Blink
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
Microsoft Edge Version
Date Released
Based on Chromium Version
137.0.3296.62
6/3/2025
137.0.7151.68/.69
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In y
Red Hat
libvpx: Double-free in libvpx encoder
vendor_redhat·2025-05-27·CVSS 5.4
CVE-2025-5283 [MEDIUM] CWE-415 libvpx: Double-free in libvpx encoder
libvpx: Double-free in libvpx encoder
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
A flaw was found in libvpx. A double-free issue can occur in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash.
Statement: This vulnerability marked as Important rather than Moderate due to the nature of the flaw, a double-free in vpx_codec_enc_init_multi, which can lead to heap memory corruption. Double-free issues compromise memory integrity and are often a precursor to use-after-free or arbitrary code execution vulnerabilities, particularly in applications
Microsoft
Chromium: CVE-2025-5066 Inappropriate implementation in Messages
vendor_msrc·2025-05-13·CVSS 6.5
CVE-2025-5066 [MEDIUM] Chromium: CVE-2025-5066 Inappropriate implementation in Messages
Chromium: CVE-2025-5066 Inappropriate implementation in Messages
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
Microsoft Edge Version
Date Released
Based on Chromium Version
137.0.3296.52
5/29/2025
137.0.7151.55/.56
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-07
Published