hcltech
410 tracked vulnerabilities.
CVE-2026-21837
HIGH
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API
Jun 05, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-21826
MEDIUM
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection
Jun 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21825
MEDIUM
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center
Jun 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21767
MEDIUM
HCL BigFix Platform is affected by insufficient authentication
Apr 02, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-21765
HIGH
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
Apr 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-21783
MEDIUM
HCL Traveler is affected by sensitive information disclosure
Mar 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-21788
MEDIUM
HCL Connections 8 - Cross-Site Scripting
Mar 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21791
LOW
HCL Sametime for Android - Info Disclosure
Mar 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-21786
LOW
HCL Sametime for iOS - Info Disclosure
Mar 05, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-59868
MEDIUM
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure
Jun 27, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-62340
LOW
HCL iControl was affected by Inadequate Session Timeout vulnerability
Jun 17, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-59872
MEDIUM
HCL ZIE for Web 16.0 - Unrestricted File Upload
Jun 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-52612
HIGH
HCL iControl was affected by Export CSV - CSV Injection vulnerability.
Jun 04, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-52611
LOW
HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability
Jun 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52609
LOW
HCL iControl was affected by Missing Security Headers vulnerability.
Jun 04, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-52608
LOW
HCL iControl was affected by Missing Cookie Attributes vulnerability.
Jun 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52606
MEDIUM
HCL iControl - Weak Input Validation
Jun 04, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-31985
LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
May 20, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-31973
MEDIUM
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
May 20, 2026
CVSS 4.0
EPSS 0.00
CVE-2025-15634
MEDIUM
HCL BigFix WebUI is affected by a missing authorization vulnerability
May 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-15633
MEDIUM
HCL BigFix WebUI is affected by an improper authorization vulnerability
May 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-31974
LOW
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only
May 06, 2026
CVSS 3.9
EPSS 0.00
CVE-2025-31960
MEDIUM
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-52613
MEDIUM
HCL BigFix Service Management (SM) is affected by use of a vulnerable component
May 06, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-31984
LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
May 06, 2026
CVSS 3.7
EPSS 0.00
Products
bigfix_platform 33
dryice_myxalytics 31
aion 29
connections 22
domino 22
bigfix_service_management 18
unica 18
aftermarket_cloud 17
sametime 17
digital_experience 11
hcl_leap 11
notes 11
bigfix_mobile 10
bigfix_compliance 9
domino_leap 9
appscan 8
traveler_for_microsoft_outlook 8
bigfix_webui 7
hcl_inotes 7
bigfix_modern_client_management 6
dryice_iautomate 6
icontrol 6
traveler 6
bigfix_insights_for_vulnerability_remediation 5
dfxanalytics 5
intelliops_event_management 5
verse 5
bigfix_saas 4
dryice_aex 4
hcl_compass 4
Quick Filters