CVE Alert: CVE-2025-5154
Vulnerability Summary: CVE-2025-5154 A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is...
CVE Alert: CVE-2025-5155
Vulnerability Summary: CVE-2025-5155 A vulnerability has been found in qianfox FoxCMS 1.2.5 and classified as critical. Affected by this vulnerability...
CVE Alert: CVE-2025-5158
Vulnerability Summary: CVE-2025-5158 A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been declared as problematic....
CVE Alert: CVE-2025-47641
Vulnerability Summary: CVE-2025-47641 Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for...
CVE Alert: CVE-2025-47640
Vulnerability Summary: CVE-2025-47640 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web...
CVE Alert: CVE-2025-47637
Vulnerability Summary: CVE-2025-47637 Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to...
CVE Alert: CVE-2025-47642
Vulnerability Summary: CVE-2025-47642 Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a...
CVE Alert: CVE-2025-47631
Vulnerability Summary: CVE-2025-47631 Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management...
CVE Alert: CVE-2025-47671
Vulnerability Summary: CVE-2025-47671 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software...
CVE Alert: CVE-2025-47673
Vulnerability Summary: CVE-2025-47673 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected...
CVE Alert: CVE-2025-47672
Vulnerability Summary: CVE-2025-47672 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange...
CVE Alert: CVE-2025-47670
Vulnerability Summary: CVE-2025-47670 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange...
CVE Alert: CVE-2025-47619
Vulnerability Summary: CVE-2025-47619 Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a...
CVE Alert: CVE-2025-47658
Vulnerability Summary: CVE-2025-47658 Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System...
CVE Alert: CVE-2025-48271
Vulnerability Summary: CVE-2025-48271 Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects...
CVE Alert: CVE-2025-47660
Vulnerability Summary: CVE-2025-47660 Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC...
CVE Alert: CVE-2025-47663
Vulnerability Summary: CVE-2025-47663 Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web...
CVE Alert: CVE-2025-48245
Vulnerability Summary: CVE-2025-48245 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows...
CVE Alert: CVE-2025-47678
Vulnerability Summary: CVE-2025-47678 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS....
CVE Alert: CVE-2025-48241
Vulnerability Summary: CVE-2025-48241 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected...
CVE Alert: CVE-2025-47687
Vulnerability Summary: CVE-2025-47687 Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a...
CVE Alert: CVE-2025-47680
Vulnerability Summary: CVE-2025-47680 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags...
CVE Alert: CVE-2025-47690
Vulnerability Summary: CVE-2025-47690 Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects...
HackerOne Bug Bounty Disclosure: wasi-sandbox-escape-via-symlink-jessewilson
Company Name: Node.js Company HackerOne URL: https://hackerone.com/nodejs Submitted By:jessewilsonLink to Submitters Profile:https://hackerone.com/jessewilson Report Title:WASI sandbox escape via symlinkReport Link:https://hackerone.com/reports/2084280Date Submitted:24...
