HCL AION SQL Injection Vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements, which can be exploited by an attacker to steal sensitive database data by injecting a...

CVE-2025-40977

Stored Cross-Site Scripting XSS vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ and ‘description’ parameters...

Advantech WebAccess/VPN 安全漏洞

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

Zoo Management System /admin/profile.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contactnumber in the file /admin/profile.php. An attacker can exploit this...

Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of the web interface of microprogramming software for Cisco RV110W, Cisco RV130, Cisco RV130W, and Cisco RV215W allows a hacker to execute arbitrary code or cause service failures.

The vulnerability of the web interface of microprogramming software for Cisco RV110W, Cisco RV130, Cisco RV130W, and Cisco RV215W is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service failures...

The vulnerability of the Security Framework component of the Oracle WebCenter Portal web platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Security Framework component of the Oracle WebCenter Portal exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information using the HTTP protocol...

CyberSolutions CyberMail Cross-Site Scripting Vulnerability

CyberSolutions CyberMail is an e-mail system from CyberSolutions Japan. A cross-site scripting vulnerability exists in the 'ACTION' parameter of cgi-bin/go in Cyber??Solutions Cyber??Mail 5 and later versions. The vulnerability stems from a lack of proper validation of client-side data by the WEB...

The vulnerability of Cisco Enterprise NFV Infrastructure Software (NFVIS) arises from insufficient validation of input data, allowing attackers to disclose sensitive information that should be protected.

The vulnerability of Cisco Enterprise NFV Infrastructure Software NFVIS exists due to insufficient testing of input data. Exploiting this vulnerability could allow a attacker to disclose protected information...

The vulnerability in the web interface of the microprogramming software for Cisco Wireless LAN Controllers of the 5500 series allows a intruder to disclose protected information.

The vulnerability of the web interface of microprogramming software for Cisco Wireless LAN Controllers of the 5500 series arises from insufficient checking of entered URI addresses. Exploiting this vulnerability can allow a malicious actor to disclose protected information using a specially craft...