hcltech
410 tracked vulnerabilities.
CVE-2025-52627
MEDIUM
HCL AION 2.0 - Incorrect Permission Assignment for Critical Resource
Feb 03, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-52626
MEDIUM
HCL AION 2.0 - OS Command Injection
Feb 03, 2026
CVSS 4.5
EPSS 0.01
CVE-2025-55252
LOW
HCL AION 2 - Weak Password Requirements
Jan 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55250
LOW
HCL AION 2 - Technical Error Disclosure
Jan 19, 2026
CVSS 1.8
EPSS 0.00
CVE-2025-55251
LOW
HCL AION - Unrestricted File Upload
Jan 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55249
LOW
HCL AION - Missing Security Response Headers
Jan 19, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-52661
LOW
HCL AION 2 - Insufficient Session Expiration
Jan 19, 2026
CVSS 2.4
EPSS 0.00
CVE-2025-52660
LOW
HCL AION - Unrestricted File Upload
Jan 19, 2026
CVSS 2.7
EPSS 0.00
CVE-2025-52659
LOW
HCL AION 2 - Cacheable HTTP Response Information Disclosure
Jan 19, 2026
CVSS 2.8
EPSS 0.00
CVE-2025-59870
HIGH
HCL MyXalytics - Static JWT Signing Secret Reuse
Jan 16, 2026
CVSS 7.4
EPSS 0.00
CVE-2025-31964
LOW
HCL BigFix IVR 4.2 - Unprotected Administrative Service Exposure
Jan 07, 2026
CVSS 2.2
EPSS 0.00
CVE-2025-31963
LOW
HCL BigFix IVR 4.2 - Unauthenticated Configuration Change via Local Setup Interface
Jan 07, 2026
CVSS 2.9
EPSS 0.00
CVE-2025-31962
LOW
HCL BigFix IVR 4.2 - Insufficient Session Expiration in Web UI Authentication
Jan 07, 2026
CVSS 2.0
EPSS 0.00
CVE-2025-63402
MEDIUM
HCLTech Dragon < 7.6.0 - Remote Code Execution via Unrestricted API Requests
Dec 03, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-63401
MEDIUM
HCLTech DRAGON < 7.6.0 - Cross-Site Scripting via Missing Directives
Dec 03, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-51736
MEDIUM
HCL Unica 12.0.0 - Unrestricted Upload of File with Dangerous Type
Nov 28, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-51735
HIGH
HCL Technologies Ltd. Unica 12.0.0. - Code Injection
Nov 28, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-51734
MEDIUM
HCL Unica 12.0.0 - Cross-Site Scripting
Nov 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-51733
MEDIUM
HCL Unica 12.0.0 - Cross-Site Request Forgery
Nov 28, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-52639
LOW
HCL Connections - Sensitive Information Disclosure via Improper Data Rendering
Nov 18, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-31954
MEDIUM
HCL iAutomate 6.5.1-6.5.2 - Sensitive Information Disclosure via HTTP Query String
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-0277
MEDIUM
HCL BigFix Mobile < 3.3 - Cross-Site Scripting via Insecure CSP Directives
Oct 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0276
MEDIUM
HCL BigFix Modern Client Management < 3.3 - Cross-Site Scripting via Insecure CSP Directives
Oct 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0275
MEDIUM
HCL BigFix Mobile <3.3 - Privilege Escalation
Oct 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-0274
MEDIUM
HCL BigFix MCM <3.3 - Privilege Escalation
Oct 16, 2025
CVSS 5.3
EPSS 0.00
Products
bigfix_platform 33
dryice_myxalytics 31
aion 29
connections 22
domino 22
bigfix_service_management 18
unica 18
aftermarket_cloud 17
sametime 17
digital_experience 11
hcl_leap 11
notes 11
bigfix_mobile 10
bigfix_compliance 9
domino_leap 9
appscan 8
traveler_for_microsoft_outlook 8
bigfix_webui 7
hcl_inotes 7
bigfix_modern_client_management 6
dryice_iautomate 6
icontrol 6
traveler 6
bigfix_insights_for_vulnerability_remediation 5
dfxanalytics 5
intelliops_event_management 5
verse 5
bigfix_saas 4
dryice_aex 4
hcl_compass 4
Quick Filters