hcltech

395 tracked vulnerabilities.

CVE-2025-52645 LOW
HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification.
Mar 16, 2026
CVSS 1.9
EPSS 0.00
CVE-2025-52644 MEDIUM
HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged.
Mar 16, 2026
CVSS 5.8
EPSS 0.00
CVE-2025-52643 MEDIUM
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment.
Mar 16, 2026
CVSS 4.7
EPSS 0.00
CVE-2025-52642 LOW
HCL AION is affected by an internal filesystem path disclosure vulnerability.
Mar 16, 2026
CVSS 3.3
EPSS 0.00
CVE-2025-52636 LOW
HCL AION is affected by improper handling of uploaded file size.
Mar 16, 2026
CVSS 1.8
EPSS 0.00
CVE-2025-62326 MEDIUM
HCL Digital Experience - Authenticated Stored Cross-Site Scripting in Administrative User Interface
Feb 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-52603 LOW
HCL Connections - Information Disclosure via Browser Metadata Exposure
Feb 20, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-52633 LOW
HCL AION 2.0 - Sensitive Session Information Exposure via Persistent Cookies
Feb 03, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-52631 LOW
HCL AION 2.0 - Exposure of Sensitive Information via Missing HSTS Header
Feb 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-52628 MEDIUM
HCL AION 2.0 - Sensitive Cookie with Improper SameSite Attribute
Feb 03, 2026
CVSS 4.6
EPSS 0.00
CVE-2025-52623 LOW
HCL AION 2.0 - Insufficiently Protected Credentials via Password Field Autocomplete
Feb 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-52629 LOW
HCL AION 2.0 - Missing Content-Security-Policy Header
Feb 03, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-52627 MEDIUM
HCL AION 2.0 - Incorrect Permission Assignment for Critical Resource
Feb 03, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-52626 MEDIUM
HCL AION 2.0 - OS Command Injection
Feb 03, 2026
CVSS 4.5
EPSS 0.00
CVE-2025-55252 LOW
HCL AION 2 - Weak Password Requirements
Jan 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55250 LOW
HCL AION 2 - Technical Error Disclosure
Jan 19, 2026
CVSS 1.8
EPSS 0.00
CVE-2025-55251 LOW
HCL AION - Unrestricted File Upload
Jan 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55249 LOW
HCL AION - Missing Security Response Headers
Jan 19, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-52661 LOW
HCL AION 2 - Insufficient Session Expiration
Jan 19, 2026
CVSS 2.4
EPSS 0.00
CVE-2025-52660 LOW
HCL AION - Unrestricted File Upload
Jan 19, 2026
CVSS 2.7
EPSS 0.00
CVE-2025-52659 LOW
HCL AION 2 - Cacheable HTTP Response Information Disclosure
Jan 19, 2026
CVSS 2.8
EPSS 0.00
CVE-2025-59870 HIGH
HCL MyXalytics - Static JWT Signing Secret Reuse
Jan 16, 2026
CVSS 7.4
EPSS 0.00
CVE-2025-31964 LOW
HCL BigFix IVR 4.2 - Unprotected Administrative Service Exposure
Jan 07, 2026
CVSS 2.2
EPSS 0.00
CVE-2025-31963 LOW
HCL BigFix IVR 4.2 - Unauthenticated Configuration Change via Local Setup Interface
Jan 07, 2026
CVSS 2.9
EPSS 0.00
CVE-2025-31962 LOW
HCL BigFix IVR 4.2 - Insufficient Session Expiration in Web UI Authentication
Jan 07, 2026
CVSS 2.0
EPSS 0.00