CVE Alert: CVE-2025-47671
Vulnerability Summary: CVE-2025-47671 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software...
Month: May 2025
CVE Alert: CVE-2025-47673
Vulnerability Summary: CVE-2025-47673 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected...
CVE Alert: CVE-2025-47672
Vulnerability Summary: CVE-2025-47672 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange...
CVE Alert: CVE-2025-47670
Vulnerability Summary: CVE-2025-47670 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange...
CVE Alert: CVE-2025-47619
Vulnerability Summary: CVE-2025-47619 Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a...
CVE Alert: CVE-2025-47658
Vulnerability Summary: CVE-2025-47658 Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System...
CVE Alert: CVE-2025-48271
Vulnerability Summary: CVE-2025-48271 Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects...
CVE Alert: CVE-2025-47660
Vulnerability Summary: CVE-2025-47660 Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC...
CVE Alert: CVE-2025-47663
Vulnerability Summary: CVE-2025-47663 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web...
CVE Alert: CVE-2025-48245
Vulnerability Summary: CVE-2025-48245 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows...
CVE Alert: CVE-2025-47678
Vulnerability Summary: CVE-2025-47678 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS....
CVE Alert: CVE-2025-48241
Vulnerability Summary: CVE-2025-48241 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected...
CVE Alert: CVE-2025-47687
Vulnerability Summary: CVE-2025-47687 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a...
CVE Alert: CVE-2025-47680
Vulnerability Summary: CVE-2025-47680 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags...
CVE Alert: CVE-2025-47690
Vulnerability Summary: CVE-2025-47690 Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects...
HackerOne Bug Bounty Disclosure: wasi-sandbox-escape-via-symlink-jessewilson
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:jessewilsonLink to Submitters Profile:https://hackerone.com/jessewilson Report Title:WASI sandbox escape via symlinkReport Link:https://hackerone.com/reports/2084280Date Submitted:24...
[AKIRA] – Ransomware Victim: Insight PipeContracting
Ransomware Group: AKIRA VICTIM NAME: Insight PipeContracting NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
CVE Alert: CVE-2025-48286
Vulnerability Summary: CVE-2025-48286 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows...
CVE Alert: CVE-2025-48287
Vulnerability Summary: CVE-2025-48287 Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection.This issue...
CVE Alert: CVE-2025-48289
Vulnerability Summary: CVE-2025-48289 Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet:...
CVE Alert: CVE-2025-48275
Vulnerability Summary: CVE-2025-48275 Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue...
CVE Alert: CVE-2025-48283
Vulnerability Summary: CVE-2025-48283 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic...
CVE Alert: CVE-2025-5107
Vulnerability Summary: CVE-2025-5107 A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects...
CVE Alert: CVE-2025-48273
Vulnerability Summary: CVE-2025-48273 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal...
