Filtered by vendor Hcltech
Subscribe
Total
346 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42210 | 1 Hcltech | 1 Unica | 2026-03-19 | N/A | 7.6 HIGH |
| A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Marketing Operations v12.1.8 and lower. Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. | |||||
| CVE-2026-21788 | 1 Hcltech | 1 Connections | 2026-03-19 | N/A | 5.4 MEDIUM |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may allow the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks. | |||||
| CVE-2025-52643 | 1 Hcltech | 1 Aion | 2026-03-18 | N/A | 4.7 MEDIUM |
| HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files. | |||||
| CVE-2025-52644 | 1 Hcltech | 1 Aion | 2026-03-18 | N/A | 5.8 MEDIUM |
| HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes. | |||||
| CVE-2025-52645 | 1 Hcltech | 1 Aion | 2026-03-18 | N/A | 1.9 LOW |
| HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour. | |||||
| CVE-2025-52646 | 1 Hcltech | 1 Aion | 2026-03-18 | N/A | 2.2 LOW |
| HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific conditions. | |||||
| CVE-2025-52649 | 1 Hcltech | 1 Aion | 2026-03-18 | N/A | 1.8 LOW |
| HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially leading to limited information disclosure or unintended access under specific conditions. | |||||
| CVE-2026-21786 | 1 Hcltech | 1 Sametime | 2026-03-09 | N/A | 3.3 LOW |
| HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. | |||||
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-02-24 | N/A | 6.1 MEDIUM |
| HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. | |||||
| CVE-2025-52603 | 1 Hcltech | 1 Connections | 2026-02-20 | N/A | 3.5 LOW |
| HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser. | |||||
| CVE-2023-37525 | 1 Hcltech | 1 Bigfix Compliance | 2026-02-12 | N/A | 5.3 MEDIUM |
| A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals. | |||||
| CVE-2025-52623 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 3.7 LOW |
| HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0. | |||||
| CVE-2025-52628 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 4.6 MEDIUM |
| HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0. | |||||
| CVE-2025-52631 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 3.7 LOW |
| HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0. | |||||
| CVE-2025-52633 | 1 Hcltech | 1 Aion | 2026-02-11 | N/A | 3.1 LOW |
| HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0. | |||||
| CVE-2025-52626 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 4.5 MEDIUM |
| A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0 | |||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 5.5 MEDIUM |
| Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | |||||
| CVE-2025-52629 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 3.7 LOW |
| HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0. | |||||
| CVE-2025-55251 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 3.1 LOW |
| HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | |||||
| CVE-2025-55249 | 1 Hcltech | 1 Aion | 2026-01-30 | N/A | 3.5 LOW |
| HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks. | |||||