Filtered by vendor Hcltech
Subscribe
Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52634 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0. | |||||
| CVE-2025-52633 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.1 LOW |
| HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0. | |||||
| CVE-2025-52632 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 6.5 MEDIUM |
| A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0. | |||||
| CVE-2025-52631 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | |||||
| CVE-2025-52630 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0. | |||||
| CVE-2025-52629 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. | |||||
| CVE-2025-52628 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 4.6 MEDIUM |
| HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0. | |||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 5.5 MEDIUM |
| Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | |||||
| CVE-2025-52626 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 4.5 MEDIUM |
| A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0 | |||||
| CVE-2025-52625 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0. | |||||
| CVE-2025-52624 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 5.4 MEDIUM |
| A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0. | |||||
| CVE-2025-52623 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0. | |||||
| CVE-2025-52621 | 1 Hcltech | 1 Bigfix Saas | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning. | |||||
| CVE-2025-52620 | 1 Hcltech | 1 Bigfix Saas | 2026-06-17 | N/A | 4.3 MEDIUM |
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | |||||
| CVE-2025-52619 | 1 Hcltech | 1 Bigfix Saas | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform. | |||||
| CVE-2025-52618 | 1 Hcltech | 1 Bigfix Saas | 2026-06-17 | N/A | 4.3 MEDIUM |
| HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries. | |||||
| CVE-2025-52616 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 5.3 MEDIUM |
| HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application. | |||||
| CVE-2025-52615 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 3.5 LOW |
| HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers. | |||||
| CVE-2025-52614 | 1 Hcltech | 1 Unica | 2026-06-17 | N/A | 3.5 LOW |
| HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site. | |||||
| CVE-2025-52603 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser. | |||||