Security Vulnerabilities - CVEs Published In November 2025
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-11-28
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-28
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-11-28
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-11-28
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-11-28
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-28
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-28
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-11-28
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
CVSS Score
2.9
EPSS Score
0.0
Published
2025-11-28
Permission control vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-11-28