Filter
-Infinity
0

Trending

Last week
Last month
Last year

iceCMSIceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forg…

critical
9.8
First published (updated )
CVE-2024-46612

Dedecms v6dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_manage_control.php.

critical
9.1
First published (updated )
CVE-2022-43196

Dedecms v6dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file_manage_control.php.

critical
9.8
First published (updated )
CVE-2022-44118

Billing Management SystemSQL Injection

critical
9.8
First published (updated )
CVE-2022-43213

Sourcecodester Online Medicine Ordering SystemSourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There …

critical
9.8
First published (updated )
CVE-2024-46293

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

composer/craftcms/cmsCraft CMS Allows Remote Code Execution

critical
10
Exploited
Zeroday
Trending
Week
First published (updated )
CVE-2025-32432

Best House Rental Management SystemSQL Injection, Code Injection

critical
9.8
First published (updated )
CVE-2024-48579

phpgurukul Men Salon Management SystemPHPGurukul Men Salon Management System forgot-password.php sql injection

critical
9.8
EPSS
0.04%
First published (updated )
CVE-2025-3827

phpgurukul Men Salon Management SystemPHPGurukul Men Salon Management System view-appointment.php sql injection

critical
9.8
EPSS
0.04%
First published (updated )
CVE-2025-3828

phpgurukul Men Salon Management SystemPHPGurukul Men Salon Management System sales-reports-detail.php sql injection

critical
9.8
EPSS
0.04%
First published (updated )
CVE-2025-3829

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

LyLme SpageSQL Injection

critical
9.8
First published (updated )
CVE-2024-48357

LinqiAn issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.

critical
9.8
First published (updated )
CVE-2024-33868

ClasscmsMalicious File Upload

critical
9.8
First published (updated )
CVE-2024-48180

LinqiAn issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inc…

critical
9.8
First published (updated )
CVE-2024-33863

OvaledgeOvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to …

critical
9.8
First published (updated )
CVE-2022-30355

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

GDidees CMSMalicious File Upload

critical
9.8
First published (updated )
CVE-2024-46101

NebulaGraphAn issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication.

critical
9.8
First published (updated )
CVE-2024-47218

NebulaGraphCommand Injection, Code Injection

critical
9.8
First published (updated )
CVE-2024-47219

Qualitia Active! MailQualitia Active! Mail Stack-Based Buffer Overflow Vulnerability

critical
9.8
Exploited
Zeroday
EPSS
0.30%
First published (updated )
CVE-2025-42599

MikroTik devicesMikroTik Router OS Directory Traversal Vulnerability

critical
9.1
Exploited
First published (updated )
CVE-2018-14847

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Raisecom Msg1200 FirmwarePath Traversal

critical
9.1
First published (updated )
CVE-2024-55516

Raisecom Msg1200 FirmwarePath Traversal

critical
9.8
First published (updated )
CVE-2024-55515

Raisecom Msg1200 FirmwarePath Traversal

critical
9.1
First published (updated )
CVE-2024-55513

Kashipara Music Management SystemAn Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kas…

critical
9.8
First published (updated )
CVE-2024-42797

Veeam ONEA vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credent…

critical
9.1
First published (updated )
CVE-2024-42024

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Oracle E-Business Suite (iSurvey Module)Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module)…

critical
9.8
First published (updated )
CVE-2025-30727

Yii FrameworkCode Injection

critical
9.1
Exploited
Zeroday
First published (updated )
CVE-2024-58136

Webmin UserminUsermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution b…

critical
9.9
First published (updated )
CVE-2015-2079

SparkshopMalicious File Upload

critical
9.8
First published (updated )
CVE-2024-40425

ThinksaasSQL Injection

critical
9.8
First published (updated )
CVE-2024-40456

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203