Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Hcltech Subscribe
Total 372 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-52639 1 Hcltech 1 Connections 2025-11-20 N/A 3.5 LOW
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.
CVE-2024-30127 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 3.2 LOW
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVE-2022-44759 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 4.6 MEDIUM
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
CVE-2023-37516 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 3.2 LOW
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
CVE-2022-44760 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 4.6 MEDIUM
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications.
CVE-2024-30147 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 6.5 MEDIUM
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
CVE-2024-30114 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 3.7 LOW
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
CVE-2024-30113 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 6.3 MEDIUM
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVE-2023-45720 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 5.3 MEDIUM
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVE-2023-37534 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 7.1 HIGH
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
CVE-2024-30148 1 Hcltech 1 Hcl Leap 2025-11-17 N/A 4.1 MEDIUM
Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
CVE-2025-31954 1 Hcltech 1 Dryice Iautomate 2025-11-07 N/A 5.4 MEDIUM
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
CVE-2024-30145 1 Hcltech 1 Domino Leap 2025-11-07 N/A 6.5 MEDIUM
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications.
CVE-2023-45721 1 Hcltech 1 Domino Leap 2025-11-04 N/A 5.3 MEDIUM
Insufficient default configuration in HCL Leap allows anonymous access to directory information.
CVE-2024-30115 1 Hcltech 1 Domino Leap 2025-11-04 N/A 6.3 MEDIUM
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVE-2022-27562 1 Hcltech 1 Domino Leap 2025-10-30 N/A 4.6 MEDIUM
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
CVE-2022-42449 1 Hcltech 1 Domino Leap 2025-10-30 N/A 4.6 MEDIUM
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
CVE-2022-42450 1 Hcltech 1 Domino Leap 2025-10-30 N/A 4.6 MEDIUM
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
CVE-2023-37517 1 Hcltech 1 Domino Leap 2025-10-30 N/A 3.2 LOW
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVE-2023-37535 1 Hcltech 1 Domino Leap 2025-10-30 N/A 7.1 HIGH
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.