EUVD-2025-209852

HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...

CVE-2025-15567

Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security advisories to learn affected products, components, and remediation information.

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for website structures, allows attackers to execute XSS attacks.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute XSS attacks by injecting malicious scripts into form fields...

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to carry out cross-site scripting attacks...

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the structure of web pages, allows attackers to disclose protected information.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to disclose protected information...

The vulnerability of NagiosXI software, related to the lack of measures taken to protect the website structure, allows attackers to execute XSS-type attacks.

The vulnerability of NagiosXI software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a type of attack known as reflected XSS...

The vulnerability in the web interface of Inductive Automation Ignition software allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of Inductive Automation Ignition’s software for industrial automation is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

NETGEAR Nighthawk 跨站请求伪造漏洞

The NETGEAR Nighthawk WiFi6 Router is a series of routers from NETGEAR that support WiFi 6 technology and are aimed at users seeking a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a cross-site request forgery vulnerability that stems from the device not properly...

The vulnerability of the Azure Site Recovery disaster recovery tool lies in the insufficient protection of registration data, allowing attackers to escalate their privileges.

The vulnerability of the Azure Site Recovery recovery tool is related to insufficient protection for registration data. Exploiting this vulnerability could allow a malicious actor to gain increased privileges...

The vulnerability in the web interface of the Cisco Finesse automation software allows a malicious individual to gain unauthorized access to the OpenSocial Gadget Editor.

The vulnerability in the web interface for controlling the automation tools of Cisco Finesse’s operator software relates to the lack of protective measures for the web page structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...

The vulnerability of Firefox and Firefox ESR browsers allows attackers to circumvent access control policies.

The vulnerability of Firefox and Firefox ESR browsers is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to bypass access control policies using the JSON.parse method...