Security Vulnerabilities
The Kiwire Captive Portal contains an open redirection issue via the login-url parameter, allowing an attacker to redirect users to an attacker controlled website.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-10-10
The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-10-10
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-10
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
CVSS Score
5.7
EPSS Score
0.0
Published
2025-10-10
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-10-10
A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-10
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-10
Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark.
This issue affects Apache StreamPark: from 2.1.4 before 2.1.6.
Users are recommended to upgrade to version 2.1.6, which fixes the issue.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-10-10
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-10