hcltech

410 tracked vulnerabilities.

CVE-2025-52627 MEDIUM
HCL AION 2.0 - Incorrect Permission Assignment for Critical Resource
Feb 03, 2026
CVSS 5.5
EPSS 0.00
CVE-2025-52626 MEDIUM
HCL AION 2.0 - OS Command Injection
Feb 03, 2026
CVSS 4.5
EPSS 0.01
CVE-2025-55252 LOW
HCL AION 2 - Weak Password Requirements
Jan 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55250 LOW
HCL AION 2 - Technical Error Disclosure
Jan 19, 2026
CVSS 1.8
EPSS 0.00
CVE-2025-55251 LOW
HCL AION - Unrestricted File Upload
Jan 19, 2026
CVSS 3.1
EPSS 0.00
CVE-2025-55249 LOW
HCL AION - Missing Security Response Headers
Jan 19, 2026
CVSS 3.5
EPSS 0.00
CVE-2025-52661 LOW
HCL AION 2 - Insufficient Session Expiration
Jan 19, 2026
CVSS 2.4
EPSS 0.00
CVE-2025-52660 LOW
HCL AION - Unrestricted File Upload
Jan 19, 2026
CVSS 2.7
EPSS 0.00
CVE-2025-52659 LOW
HCL AION 2 - Cacheable HTTP Response Information Disclosure
Jan 19, 2026
CVSS 2.8
EPSS 0.00
CVE-2025-59870 HIGH
HCL MyXalytics - Static JWT Signing Secret Reuse
Jan 16, 2026
CVSS 7.4
EPSS 0.00
CVE-2025-31964 LOW
HCL BigFix IVR 4.2 - Unprotected Administrative Service Exposure
Jan 07, 2026
CVSS 2.2
EPSS 0.00
CVE-2025-31963 LOW
HCL BigFix IVR 4.2 - Unauthenticated Configuration Change via Local Setup Interface
Jan 07, 2026
CVSS 2.9
EPSS 0.00
CVE-2025-31962 LOW
HCL BigFix IVR 4.2 - Insufficient Session Expiration in Web UI Authentication
Jan 07, 2026
CVSS 2.0
EPSS 0.00
CVE-2025-63402 MEDIUM
HCLTech Dragon < 7.6.0 - Remote Code Execution via Unrestricted API Requests
Dec 03, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-63401 MEDIUM
HCLTech DRAGON < 7.6.0 - Cross-Site Scripting via Missing Directives
Dec 03, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-51736 MEDIUM
HCL Unica 12.0.0 - Unrestricted Upload of File with Dangerous Type
Nov 28, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-51735 HIGH
HCL Technologies Ltd. Unica 12.0.0. - Code Injection
Nov 28, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-51734 MEDIUM
HCL Unica 12.0.0 - Cross-Site Scripting
Nov 28, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-51733 MEDIUM
HCL Unica 12.0.0 - Cross-Site Request Forgery
Nov 28, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-52639 LOW
HCL Connections - Sensitive Information Disclosure via Improper Data Rendering
Nov 18, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-31954 MEDIUM
HCL iAutomate 6.5.1-6.5.2 - Sensitive Information Disclosure via HTTP Query String
Nov 05, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-0277 MEDIUM
HCL BigFix Mobile < 3.3 - Cross-Site Scripting via Insecure CSP Directives
Oct 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0276 MEDIUM
HCL BigFix Modern Client Management < 3.3 - Cross-Site Scripting via Insecure CSP Directives
Oct 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-0275 MEDIUM
HCL BigFix Mobile <3.3 - Privilege Escalation
Oct 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-0274 MEDIUM
HCL BigFix MCM <3.3 - Privilege Escalation
Oct 16, 2025
CVSS 5.3
EPSS 0.00