Skip to main content
CVE-2025-55251 LOW Monitor

HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. [CVSS 3.1 LOW]

File Upload RCE Aion
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-55252 LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to the use of easily guessable passwords, potentially resulting in unauthorized acc (CVSS 3.1).

Authentication Bypass Brute Force
NVD
CVSS 3.1
3.1
EPSS
0.0%
CVE-2025-52659 LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to unintended storage of sensitive or dynamic content, potentially resulting in una (CVSS 2.8).

Information Disclosure Authentication Bypass Aion
NVD
CVSS 3.1
2.8
EPSS
0.0%
CVE-2025-52660 LOW Monitor

Aion versions up to 2.0 contains a vulnerability that allows attackers to malicious file uploads, potentially resulting in unauthorized code execution or (CVSS 2.7).

File Upload RCE Aion
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2025-52661 LOW Monitor

HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. [CVSS 2.4 LOW]

Authentication Bypass Aion
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2026-1161 LOW Monitor

A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. [CVSS 3.5 LOW]

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1136 LOW Monitor

A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. [CVSS 3.5 LOW]

XSS
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1147 LOW Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-1146 LOW Monitor

Patients Waiting Area Queue Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 3.5).

PHP XSS
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-55250 LOW Monitor

HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. [CVSS 1.8 LOW]

Information Disclosure Aion
NVD
CVSS 3.1
1.8
EPSS
0.0%
CVE-2026-23838 Monitor

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may be externally accessible, potentially on the Internet. The root cause is that the NixOS module configures the working directory of Tandoor Recipes, as well as the value of `MEDIA_ROOT`, to be `/var/lib/tandoor-recipes`....

Nginx PostgreSQL SQLi
NVD GitHub
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy