4
CVE-2025-31969 - HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP)
HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). This can result in malicious resources being loaded and can expose browsers to certain types of attacks, such as cross-site scripting and clickjacking.
5.3
CVE-2025-11630 - RainyGao DocSys File Upload uploadDoc.do updateRealDoc path traversal
A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Performing manipulation of the argument path results in path traversal. The attack can be initiated remotely. The exploit has been made publ…
5.3
CVE-2025-11629 - RainyGao DocSys getUserList.do getUserList SQL injection
A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor…
4.6
CVE-2025-31992 - HCL MaxAI Assistant is susceptible to an HTML injection vulnerability
HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session.
5.1
CVE-2025-11628 - jimit105 Project-Online-Shopping-Website Product Inventory delete.php SQL injection
A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument product_code causes SQL injection. It is possible …
5.3
CVE-2025-52616 - HCL Unica 12.1.10 is affected by an exposure of sensitive information
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.
3.5
CVE-2025-31998 - HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sen…
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which expose sensitive information. An attacker can use this information to exploit known vulnerabilities and launch targeted attacks, such as remote code execution or denial of service.
7.5
CVE-2025-61884 -
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful…
4.2
CVE-2025-31997 - HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR)
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.
3.5
CVE-2025-31993 - HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SS…
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server.