|
141
|
5.4 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where encryption is not enforced for certain data transmissions or operations. This may expose sensitive information to potential interception or unauthorized …
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-62310
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
4.3 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized a…
New
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-62311
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
3.0 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where basic authorization tokens are used for authentication. Use of basic authorization mechanisms may expose credentials to potential interception or misuse,…
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2025-62312
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
5.4 |
MEDIUM
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized …
New
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2025-62313
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
2.3 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based securi…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2025-62316
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
2.6 |
LOW
Adjacent
|
-
|
-
|
HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary syst…
New
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2025-62317
|
2026-05-15 02:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
7.5 |
HIGH
Network
|
libexpat_project
|
libexpat
|
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
Update
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-45186
|
2026-05-15 02:20 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to elevate their privileges from low …
New
|
CWE-779
Logging of Excessive Data
|
CVE-2026-20209
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
8.6 |
HIGH
Network
|
-
|
-
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to read arbitrary files that are stored in an affected system.…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-20224
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
5.4 |
MEDIUM
Network
|
-
|
-
|
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker with read-only permissions to modify configurations and perform …
New
|
CWE-779
Logging of Excessive Data
|
CVE-2026-20210
|
2026-05-15 02:19 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
