Filtered by vendor Hcltech
Subscribe
Total
404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21791 | 1 Hcltech | 1 Sametime | 2026-06-17 | N/A | 3.3 LOW |
| HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | |||||
| CVE-2026-21786 | 1 Hcltech | 1 Sametime | 2026-06-17 | N/A | 3.3 LOW |
| HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. | |||||
| CVE-2025-63402 | 1 Hcltech | 1 Dragon | 2026-06-17 | N/A | 5.5 MEDIUM |
| An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests | |||||
| CVE-2025-63401 | 1 Hcltech | 1 Dragon | 2026-06-17 | N/A | 5.5 MEDIUM |
| Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives | |||||
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-06-17 | N/A | 6.1 MEDIUM |
| HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. | |||||
| CVE-2025-59870 | 1 Hcltech | 1 Myxalytics | 2026-06-17 | N/A | 7.4 HIGH |
| HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk | |||||
| CVE-2025-55252 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.1 LOW |
| HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially resulting in unauthorized access | |||||
| CVE-2025-55251 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.1 LOW |
| HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | |||||
| CVE-2025-55250 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 1.8 LOW |
| HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially resulting in information disclosure or aiding further attacks. | |||||
| CVE-2025-55249 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.5 LOW |
| HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks. | |||||
| CVE-2025-52661 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 2.4 LOW |
| HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially resulting in unauthorized access if the token is compromised. | |||||
| CVE-2025-52660 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 2.7 LOW |
| HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in unauthorized code execution or system compromise. | |||||
| CVE-2025-52659 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 2.8 LOW |
| HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure. | |||||
| CVE-2025-52658 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 3.5 LOW |
| HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited. | |||||
| CVE-2025-52656 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 7.6 HIGH |
| HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields. | |||||
| CVE-2025-52654 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 4.6 MEDIUM |
| HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation. | |||||
| CVE-2025-52653 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 7.6 HIGH |
| HCL MyXalytics product is affected by Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access. | |||||
| CVE-2025-52650 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 8.2 HIGH |
| Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 | |||||
| CVE-2025-52639 | 1 Hcltech | 1 Connections | 2026-06-17 | N/A | 3.5 LOW |
| HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. | |||||
| CVE-2025-52635 | 1 Hcltech | 1 Aion | 2026-06-17 | N/A | 3.7 LOW |
| A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. | |||||