Filtered by vendor Hcltech
Subscribe
Total
338 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-30127 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.2 LOW |
|
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
|
|||||
| CVE-2022-44759 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.6 MEDIUM |
|
Improper sanitization of SVG files in HCL Leap
allows client-side script injection in deployed applications.
|
|||||
| CVE-2023-37516 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.2 LOW |
|
Missing "no cache" headers in HCL Leap permits user directory information to be cached.
|
|||||
| CVE-2022-44760 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.6 MEDIUM |
|
Unsafe default file type filter policy in HCL
Leap allows execution of unsafe JavaScript in deployed applications.
|
|||||
| CVE-2024-30147 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 6.5 MEDIUM |
|
Multiple vectors in HCL Leap allow client-side
script injection in the authoring environment and deployed applications.
|
|||||
| CVE-2024-30114 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 3.7 LOW |
|
Insufficient sanitization in HCL Leap allows
client-side script injection in the authoring environment.
|
|||||
| CVE-2024-30113 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 6.3 MEDIUM |
|
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
|
|||||
| CVE-2023-45720 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 5.3 MEDIUM |
|
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
|
|||||
| CVE-2023-37534 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 7.1 HIGH |
|
Insufficient URI protocol whitelist in HCL Leap
allows script injection through query parameters.
|
|||||
| CVE-2024-30148 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | N/A | 4.1 MEDIUM |
|
Improper access control of endpoint in HCL Leap
allows certain admin users to import applications from the
server's filesystem.
|
|||||
| CVE-2025-31954 | 1 Hcltech | 1 Dryice Iautomate | 2025-11-07 | N/A | 5.4 MEDIUM |
|
HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
|
|||||
| CVE-2024-30145 | 1 Hcltech | 1 Domino Leap | 2025-11-07 | N/A | 6.5 MEDIUM |
|
Multiple vectors in HCL Domino Volt and Domino Leap allow client-side
script injection in the authoring environment and deployed applications.
|
|||||
| CVE-2023-45721 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | N/A | 5.3 MEDIUM |
|
Insufficient default configuration in HCL Leap
allows anonymous access to directory information.
|
|||||
| CVE-2024-30115 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | N/A | 6.3 MEDIUM |
|
Insufficient sanitization policy in HCL Leap
allows client-side script injection in the deployed application through the
HTML widget.
|
|||||
| CVE-2022-27562 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 4.6 MEDIUM |
|
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
|
|||||
| CVE-2022-42449 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 4.6 MEDIUM |
|
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
|
|||||
| CVE-2022-42450 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 4.6 MEDIUM |
|
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
|
|||||
| CVE-2023-37517 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 3.2 LOW |
|
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
|
|||||
| CVE-2023-37535 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | N/A | 7.1 HIGH |
|
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap
allow script injection through query parameters.
|
|||||
| CVE-2024-30152 | 1 Hcltech | 1 Hcl Sx | 2025-10-30 | N/A | 6.5 MEDIUM |
|
HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts.
|
|||||
| CVE-2024-30109 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | N/A | 3.7 LOW |
|
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended.
|
|||||
| CVE-2024-30110 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | N/A | 3.7 LOW |
|
HCL DRYiCE
AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which
can cause the system to behave in unexpected ways.
|
|||||
| CVE-2024-30111 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | N/A | 3.3 LOW |
|
HCL DRYiCE AEX product is impacted by Missing
Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted
device due to which malicious users can gain unauthorized access to the rooted
devices, compromising security and potentially leading to data breaches or
other malicious activities.
|
|||||
| CVE-2024-30135 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | N/A | 3.3 LOW |
|
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken.
|
|||||
| CVE-2024-30130 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | N/A | 3.7 LOW |
|
HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.
|
|||||
| CVE-2024-30128 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | N/A | 8.6 HIGH |
|
HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information.
|
|||||
| CVE-2024-30134 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 6.7 MEDIUM |
|
The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.
|
|||||
| CVE-2024-30132 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | N/A | 3.7 LOW |
|
HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2024-30133 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 5.3 MEDIUM |
|
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
|
|||||
| CVE-2024-42190 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 6.5 MEDIUM |
|
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
|
|||||
| CVE-2024-42191 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-30 | N/A | 6.5 MEDIUM |
|
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.
|
|||||
| CVE-2024-30155 | 1 Hcltech | 1 Hcl Sx | 2025-10-30 | N/A | 5.5 MEDIUM |
|
HCL SX does not set the secure attribute on authorization tokens or session cookies. Attackers may potentially be able to obtain access to the cookie values via a Cross-Site-Forgery-Request (CSRF).
|
|||||
| CVE-2025-52618 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | N/A | 4.3 MEDIUM |
|
HCL BigFix SaaS Authentication Service is affected by a SQL injection vulnerability. The vulnerability allows potential attackers to manipulate SQL queries.
|
|||||
| CVE-2025-52619 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | N/A | 5.3 MEDIUM |
|
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.
|
|||||
| CVE-2025-52620 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | N/A | 4.3 MEDIUM |
|
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.
|
|||||
| CVE-2025-52621 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | N/A | 5.3 MEDIUM |
|
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.
|
|||||
| CVE-2024-42192 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2025-10-29 | N/A | 5.5 MEDIUM |
|
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications.
|
|||||
| CVE-2025-31977 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | N/A | 5.3 MEDIUM |
|
HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.
|
|||||
| CVE-2025-31972 | 1 Hcltech | 1 Bigfix Service Management | 2025-10-29 | N/A | 6.5 MEDIUM |
|
HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.
|
|||||
| CVE-2025-31993 | 1 Hcltech | 1 Unica Centralized Offer Management | 2025-10-29 | N/A | 3.5 LOW |
|
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server.
|
|||||