Filtered by vendor Hcltech
Subscriptions
Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37516 | 1 Hcltech | 1 Leap | 2025-10-29 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits user directory information to be cached. | ||||
| CVE-2022-44760 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2022-44759 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.6 Medium |
| Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications. | ||||
| CVE-2024-30148 | 1 Hcltech | 1 Leap | 2025-10-29 | 4.1 Medium |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2024-42209 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data. | ||||
| CVE-2024-42208 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2023-37541 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | ||||
| CVE-2024-23557 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. | ||||
| CVE-2024-30107 | 1 Hcltech | 1 Connections | 2025-10-29 | 3.5 Low |
| HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. | ||||
| CVE-2024-30112 | 1 Hcltech | 1 Connections | 2025-10-28 | 5.4 Medium |
| HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and comprise user's account then launch other attacks. | ||||
| CVE-2024-42188 | 1 Hcltech | 1 Connections | 2025-10-28 | 3.7 Low |
| HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. | ||||
| CVE-2025-52630 | 1 Hcltech | 1 Aion | 2025-10-24 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0. | ||||
| CVE-2025-52632 | 1 Hcltech | 1 Aion | 2025-10-24 | 6.5 Medium |
| A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0. | ||||
| CVE-2025-52634 | 1 Hcltech | 1 Aion | 2025-10-24 | 3.7 Low |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0. | ||||
| CVE-2025-52650 | 1 Hcltech | 1 Aion | 2025-10-24 | 8.2 High |
| Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0 | ||||
| CVE-2025-52624 | 1 Hcltech | 1 Aion | 2025-10-24 | 5.4 Medium |
| A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0. | ||||
| CVE-2025-52625 | 1 Hcltech | 1 Aion | 2025-10-24 | 3.7 Low |
| A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0. | ||||
| CVE-2025-52635 | 1 Hcltech | 1 Aion | 2025-10-24 | 3.7 Low |
| A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0. | ||||
| CVE-2025-0274 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | 5.3 Medium |
| HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. | ||||
| CVE-2025-0275 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2025-10-21 | 5.3 Medium |
| HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions. | ||||