hcltech

410 tracked vulnerabilities.

CVE-2026-21837 HIGH
HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API
Jun 05, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-21826 MEDIUM
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection
Jun 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21825 MEDIUM
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center
Jun 05, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-21767 MEDIUM
HCL BigFix Platform is affected by insufficient authentication
Apr 02, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-21765 HIGH
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys
Apr 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-21783 MEDIUM
HCL Traveler is affected by sensitive information disclosure
Mar 24, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-21788 MEDIUM
HCL Connections 8 - Cross-Site Scripting
Mar 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-21791 LOW
HCL Sametime for Android - Info Disclosure
Mar 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-21786 LOW
HCL Sametime for iOS - Info Disclosure
Mar 05, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-59868 MEDIUM
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure
Jun 27, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-62340 LOW
HCL iControl was affected by Inadequate Session Timeout vulnerability
Jun 17, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-59872 MEDIUM
HCL ZIE for Web 16.0 - Unrestricted File Upload
Jun 17, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-52612 HIGH
HCL iControl was affected by Export CSV - CSV Injection vulnerability.
Jun 04, 2026
CVSS 7.1
EPSS 0.00
CVE-2025-52611 LOW
HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability
Jun 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52609 LOW
HCL iControl was affected by Missing Security Headers vulnerability.
Jun 04, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-52608 LOW
HCL iControl was affected by Missing Cookie Attributes vulnerability.
Jun 04, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52606 MEDIUM
HCL iControl - Weak Input Validation
Jun 04, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-31985 LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
May 20, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-31973 MEDIUM
HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'
May 20, 2026
CVSS 4.0
EPSS 0.00
CVE-2025-15634 MEDIUM
HCL BigFix WebUI is affected by a missing authorization vulnerability
May 09, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-15633 MEDIUM
HCL BigFix WebUI is affected by an improper authorization vulnerability
May 09, 2026
CVSS 6.5
EPSS 0.00
CVE-2025-31974 LOW
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only
May 06, 2026
CVSS 3.9
EPSS 0.00
CVE-2025-31960 MEDIUM
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-52613 MEDIUM
HCL BigFix Service Management (SM) is affected by use of a vulnerable component
May 06, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-31984 LOW
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header
May 06, 2026
CVSS 3.7
EPSS 0.00