Filtered by vendor Hcltech
Subscriptions
Total
347 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30149 | 1 Hcltech | 1 Appscan Source | 2026-01-08 | 4.8 Medium |
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | ||||
| CVE-2025-62329 | 2 Hcltech, Hcltechsw | 3 Devops Deploy, Hcl Devops Deploy, Hcl Launch | 2026-01-07 | 5 Medium |
| HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions. | ||||
| CVE-2025-62330 | 2 Hcltech, Hcltechsw | 2 Devops Deploy, Hcl Devops Deploy | 2026-01-07 | 5.9 Medium |
| HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related data via passive monitoring or man-in-the-middle attacks. | ||||
| CVE-2025-55254 | 2 Hcltech, Hcltechsw | 3 Bigfix Remote Control, Hcl Devops Deploy, Hcl Launch | 2026-01-06 | 3.7 Low |
| Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow to execute malicious code in certain web pages. | ||||
| CVE-2025-59849 | 2 Hcltech, Hcltechsw | 3 Bigfix Remote Control, Hcl Devops Deploy, Hcl Launch | 2026-01-06 | 4.7 Medium |
| Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages. | ||||
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2025-12-31 | 4.1 Medium |
| Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2025-63401 | 1 Hcltech | 1 Dragon | 2025-12-18 | 5.5 Medium |
| Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives | ||||
| CVE-2025-63402 | 1 Hcltech | 1 Dragon | 2025-12-18 | 5.5 Medium |
| An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests | ||||
| CVE-2024-42197 | 1 Hcltech | 1 Workload Scheduler | 2025-12-12 | 5.5 Medium |
| HCL Workload Scheduler stores user credentials in plain text which can be read by a local user. | ||||
| CVE-2025-52622 | 1 Hcltech | 1 Bigfix Saas | 2025-12-08 | 5.4 Medium |
| The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks. | ||||
| CVE-2025-51736 | 1 Hcltech | 1 Unica | 2025-12-02 | 6.3 Medium |
| File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-51735 | 1 Hcltech | 1 Unica | 2025-12-02 | 7.5 High |
| CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-51734 | 1 Hcltech | 1 Unica | 2025-12-02 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-51733 | 1 Hcltech | 1 Unica | 2025-12-02 | 5.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | ||||
| CVE-2025-0248 | 1 Hcltech | 1 Hcl Inotes | 2025-11-27 | 8.1 High |
| HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials. | ||||
| CVE-2024-23563 | 1 Hcltech | 1 Connections Docs | 2025-11-25 | 3.9 Low |
| HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. | ||||
| CVE-2025-62346 | 1 Hcltech | 1 Glovius Cloud | 2025-11-24 | 6.8 Medium |
| A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint. | ||||
| CVE-2025-31987 | 1 Hcltech | 1 Connections Docs | 2025-11-21 | 4.8 Medium |
| HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. | ||||
| CVE-2025-52639 | 1 Hcltech | 1 Connections | 2025-11-20 | 3.5 Low |
| HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data. | ||||
| CVE-2024-30127 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | ||||