CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-52634 - HCL AION is susceptible to Spring Boot Actuator Endpoints Exposed

CVE ID : CVE-2025-52634
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52650 - HCL AION is susceptible to Inline script execution allowed in CSP vulnerability

CVE ID : CVE-2025-52650
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : An Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0.
Severity: 8.2 | HIGH
CVE-2025-61856 - V-SFT Buffer Overflow Vulnerability

CVE ID : CVE-2025-61856
Published : Oct. 10, 2025, 10:19 a.m. | 39 minutes ago
Description : A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-52635 - HCL AION is susceptible to Trusted types in scripts not enforced in CSP

CVE ID : CVE-2025-52635
Published : Oct. 10, 2025, 10:21 a.m. | 37 minutes ago
Description : A Trusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.
Severity: 3.7 | LOW
CVE-2025-52624 - HCL AION is susceptible to Bypass of the script allow list configuration vulnerability

CVE ID : CVE-2025-52624
Published : Oct. 10, 2025, 10:25 a.m. | 33 minutes ago
Description : A Bypass of the script allowlist configuration vulnerability has been identified in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.
Severity: 5.4 | MEDIUM
CVE-2025-61858 - An out-of-bounds write vulnerability exists in VS6

CVE ID : CVE-2025-61858
Published : Oct. 10, 2025, 10:28 a.m. | 30 minutes ago
Description : An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-52625 - HCL AION is susceptible to Cacheable SSL Page Found vulnerability

CVE ID : CVE-2025-52625
Published : Oct. 10, 2025, 10:28 a.m. | 29 minutes ago
Description : A Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser. This issue affects AION: 2.0.
Severity: 3.7 | LOW
CVE-2025-61857 - V-SFT Font Parsing Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-61857
Published : Oct. 10, 2025, 10:29 a.m. | 29 minutes ago
Description : An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-61859 - V-SFT VS6ComFile Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-61859
Published : Oct. 10, 2025, 10:33 a.m. | 25 minutes ago
Description : An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::is_motion_tween of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-61860 - V-SFT Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-61860
Published : Oct. 10, 2025, 10:36 a.m. | 22 minutes ago
Description : An out-of-bounds read vulnerability exists in VS6MemInIF!set_temp_type_default of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-11189 - CVE-2025-11189

CVE ID : CVE-2025-11189
Published : Oct. 10, 2025, 11:15 a.m. | 3 hours, 44 minutes ago
Description : The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability within the login-url parameter, allowing for JavaScript execution.
Severity: 0.0 | NA
CVE-2025-11190 - CVE-2025-11190

CVE ID : CVE-2025-11190
Published : Oct. 10, 2025, 11:15 a.m. | 3 hours, 44 minutes ago
Description : The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker-controlled website.
Severity: 0.0 | NA
CVE-2025-61861 - V-SFT VS6ComFile Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-61861
Published : Oct. 10, 2025, 11:15 a.m. | 3 hours, 44 minutes ago
Description : An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-61862 - V-SFT Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-61862
Published : Oct. 10, 2025, 11:15 a.m. | 3 hours, 44 minutes ago
Description : An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-61863 - V-SFT VS6ComFile OOB Read Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-61863
Published : Oct. 10, 2025, 11:15 a.m. | 3 hours, 44 minutes ago
Description : An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-61864 - V-SFT VS6ComFile Use After Free Buffer Overflow

CVE ID : CVE-2025-61864
Published : Oct. 10, 2025, 11:15 a.m. | 3 hours, 44 minutes ago
Description : A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-11579 - DoS via Out Of Memory Crash

CVE ID : CVE-2025-11579
Published : Oct. 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
Severity: 5.3 | MEDIUM
CVE-2025-7374 - WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass

CVE ID : CVE-2025-7374
Published : Oct. 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- and Employer-level access and above, to log in to the site even if their account is inactive or pending.
Severity: 5.4 | MEDIUM
CVE-2025-7781 - WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’

CVE ID : CVE-2025-7781
Published : Oct. 10, 2025, 12:15 p.m. | 2 hours, 44 minutes ago
Description : The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Stored Cross-Site Scripting via the ‘cs_job_title’ parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-62237 - Liferay Portal Liferay DXP Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-62237
Published : Oct. 10, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account’s “Name” text field.
Severity: 4.8 | MEDIUM
CVE-2025-62238 - Liferay Portal Liferay DXP Stored Cross-Site Scripting (XSS)

CVE ID : CVE-2025-62238
Published : Oct. 10, 2025, 1:15 p.m. | 1 hour, 44 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject arbitrary web script or HTML via a crafted payload injected into an Account's “Name” text field.
Severity: 4.8 | MEDIUM