Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52650 | 1 Hcltech | 1 Aion | 2026-04-28 | N/A | 8.2 HIGH |
| Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 | |||||
| CVE-2025-52646 | 1 Hcltech | 1 Aion | 2026-04-28 | N/A | 2.2 LOW |
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | |||||
| CVE-2025-52644 | 1 Hcltech | 1 Aion | 2026-04-28 | N/A | 5.8 MEDIUM |
| HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes. | |||||
| CVE-2025-52624 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 5.4 MEDIUM |
| A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0. | |||||
| CVE-2025-52623 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.7 LOW |
| HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0. | |||||
| CVE-2025-52634 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.7 LOW |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0. | |||||
| CVE-2025-52633 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.1 LOW |
| HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0. | |||||
| CVE-2025-52632 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 6.5 MEDIUM |
| A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0. | |||||
| CVE-2025-52631 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.7 LOW |
| HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | |||||
| CVE-2025-52630 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.7 LOW |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0. | |||||
| CVE-2025-52629 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.7 LOW |
| HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. | |||||
| CVE-2025-52635 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.7 LOW |
| A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. | |||||
| CVE-2025-52642 | 1 Hcltech | 1 Aion | 2026-04-27 | N/A | 3.3 LOW |
| HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure. | |||||
| CVE-2025-52660 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 2.7 LOW |
| HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | |||||
| CVE-2025-55249 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 3.5 LOW |
| HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks. | |||||
| CVE-2025-55251 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 3.1 LOW |
| HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | |||||
| CVE-2025-55252 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 3.1 LOW |
| HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access | |||||
| CVE-2025-55250 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 1.8 LOW |
| HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. | |||||
| CVE-2025-52661 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 2.4 LOW |
| HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. | |||||
| CVE-2025-52659 | 1 Hcltech | 1 Aion | 2026-04-25 | N/A | 2.8 LOW |
| HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure. | |||||