Filtered by vendor Hcltech
Total: 372 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55271 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.1 LOW |
| HCL Aftermarket DPC is affected by an HTTP Response Splitting vulnerability where, depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response. | |||||
| CVE-2025-55273 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 4.3 MEDIUM |
| HCL Aftermarket DPC is affected by a Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking. | |||||
| CVE-2025-55275 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.7 LOW |
| HCL Aftermarket DPC is affected by an Admin Session Concurrency vulnerability through which an attacker can exploit concurrent sessions to hijack or impersonate an admin user. | |||||
| CVE-2025-55277 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 2.6 LOW |
| HCL Aftermarket DPC is affected by a Use of Vulnerable/Outdated Versions vulnerability through which an attacker may make use of the exploits available across the internet and craft attacks against the application. | |||||
| CVE-2025-55274 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 2.6 LOW |
| HCL Aftermarket DPC is affected by a Cross-Origin Resource Sharing vulnerability. The impact of CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker were to exploit a CORS misconfiguration, they could steal sensitive data or perform actions on behalf of a legitimate user. | |||||
| CVE-2025-55265 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 6.5 MEDIUM |
| HCL Aftermarket DPC is affected by File Discovery, which an attacker could exploit to read sensitive files present in the system and may use to craft further attacks. | |||||
| CVE-2025-55276 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.1 LOW |
| HCL Aftermarket DPC is affected by an Internal IP Disclosure vulnerability, which will give attackers a clearer map of the organization’s network layout. | |||||
| CVE-2025-55261 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 8.1 HIGH |
| HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which will allow an attacker to escalate their privileges, and they may compromise the application and may steal and manipulate the data. | |||||
| CVE-2025-55262 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 8.3 HIGH |
| HCL Aftermarket DPC is affected by SQL Injection, which allows an attacker to retrieve sensitive information from the database. | |||||
| CVE-2025-55263 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 7.3 HIGH |
| HCL Aftermarket DPC is affected by Hardcoded Sensitive Data, which allows an attacker to gain access to the source code or, if it is stored in insecure repositories, to easily retrieve these hardcoded secrets. | |||||
| CVE-2025-55264 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 5.5 MEDIUM |
| HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change, which will allow an attacker who has access to a session to maintain control over the account despite the password change, leading to account takeover. | |||||
| CVE-2025-55272 | 1 Hcltech | 1 Aftermarket Cloud | 2026-03-26 | N/A | 3.1 LOW |
| HCL Aftermarket DPC is affected by a Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details, which would allow them to craft software-specific attacks. | |||||
| CVE-2024-42210 | 1 Hcltech | 1 Unica | 2026-03-23 | N/A | 7.6 HIGH |
| A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. | |||||
| CVE-2026-21788 | 1 Hcltech | 1 Connections | 2026-03-19 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may allow the attacker to steal cookie-based authentication credentials, compromise the user's account, and then launch other attacks. | |||||
| CVE-2026-21786 | 1 Hcltech | 1 Sametime | 2026-03-09 | N/A | 3.3 LOW |
| HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs. | |||||
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-02-24 | N/A | 6.1 MEDIUM |
| HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. | |||||
| CVE-2025-52603 | 1 Hcltech | 1 Connections | 2026-02-20 | N/A | 3.5 LOW |
| HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser. | |||||
| CVE-2023-37525 | 1 Hcltech | 1 Bigfix Compliance | 2026-02-12 | N/A | 5.3 MEDIUM |
| A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals. | |||||
| CVE-2025-59870 | 1 Hcltech | 1 Myxalytics | 2026-01-23 | N/A | 7.4 HIGH |
| HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk. | |||||
| CVE-2025-31963 | 1 Hcltech | 1 Bigfix Insights For Vulnerability Remediation | 2026-01-22 | N/A | 2.9 LOW |
| Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | |||||
