CVE-2024-23567
HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL para
CVSS
4.3
Medio
EPSS
—
KEV
—
Exploit Today
0
0-100
Publicado: 17 jul 2026 · Última mod.: 17 jul 2026 · CWE-804
Sin historial EPSS suficiente todavía.
HCL Aftermarket EPC is affected by Sensitive Information in GET method & in URL which allows application to pass sensitive data via URL parameters during normal usage. Data passed in this manner can be exposed because it may end up stored in unintended locations, including server logs, local browser history and proxy logs.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-508508.6 ALT13.8%
——4An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.13dCVE-2024-235666.5 MED—
——0HCL Aftermarket EPC is vulnerable to brute force attacks since application doesn’t have captcha implemented. It can lead to various security issues like brute force , automated attacks & account enumeration5hCVE-2026-13082——
——0GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.
The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.
The built-in rand function is unsuitable for security applications because it is predictable and reversible.7h