Filtered by vendor Hcltech
Subscribe
Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55264 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 5.5 MEDIUM |
| HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password change leading to account takeover. | |||||
| CVE-2025-55272 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.1 LOW |
| HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks. | |||||
| CVE-2024-42210 | 1 Hcltech | 1 Unica | 2026-03-23 | N/A | 7.6 HIGH |
| A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. | |||||
| CVE-2026-21788 | 1 Hcltech | 1 Connections | 2026-03-19 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks. | |||||