|
1401
|
9.8 |
CRITICAL
Network
|
n2ws
|
n2w
|
In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2025-59706
|
2026-04-26 03:01 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1402
|
9.8 |
CRITICAL
Network
|
n2ws
|
n2w
|
En N2W antes de 4.3.2 y 4.4.0 antes de 4.4.1, la validación indebida de los parámetros de solicitud de la API permite la ejecución remota de código.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2025-59706
|
2026-04-26 03:01 |
2026-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1403
|
9.8 |
CRITICAL
Network
|
filigran
|
openaev
|
OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-24467
|
2026-04-26 03:00 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1404
|
8.8 |
HIGH
Network
|
hcltech
|
aion
|
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site r…
|
CWE-1275
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2025-52628
|
2026-04-26 02:59 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1405
|
8.8 |
HIGH
Network
|
hcltech
|
aion
|
HCL AION está afectado por una Cookie con vulnerabilidad de SameSite insegura, impropia o ausente. Esto puede permitir que las cookies se envíen en peticiones entre sitios, aumentando potencialmente …
|
CWE-1275
Sensitive Cookie with Improper SameSite Attribute
|
CVE-2025-52628
|
2026-04-26 02:59 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1406
|
7.5 |
HIGH
Network
|
hcltech
|
aion
|
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauth…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2025-52627
|
2026-04-26 02:59 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1407
|
7.5 |
HIGH
Network
|
hcltech
|
aion
|
Vulnerabilidad de configuración: Sistema de archivos raíz no montado como solo lectura. Esto puede permitir modificaciones no intencionadas a archivos críticos del sistema, aumentando potencialmente …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2025-52627
|
2026-04-26 02:59 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1408
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
A Potential Command Injection vulnerability in HCL AION.
An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AIO…
|
CWE-78
OS Command
|
CVE-2025-52626
|
2026-04-26 02:58 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1409
|
9.8 |
CRITICAL
Network
|
hcltech
|
aion
|
Una posible vulnerabilidad de inyección de comandos en HCL AION. Esto puede permitir la ejecución no intencionada de comandos, lo que podría llevar a acciones no autorizadas en el sistema subyacente.…
|
CWE-78
OS Command
|
CVE-2025-52626
|
2026-04-26 02:58 |
2026-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1410
|
7.5 |
HIGH
Network
|
hcltech
|
aion
|
A vulnerability
Cacheable SSL Page Found vulnerability has been identified
in HCL AION.
Cached data may expose credentials, system identifiers, or internal file paths to attackers with access t…
|
CWE-525
Use of Web Browser Cache Containing Sensitive Information
|
CVE-2025-52625
|
2026-04-26 02:58 |
2025-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
