Search Results (434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-52628 1 Hcltech 1 Aion 2026-04-25 4.6 Medium
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
CVE-2025-52627 1 Hcltech 1 Aion 2026-04-25 5.5 Medium
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.
CVE-2025-52626 1 Hcltech 1 Aion 2026-04-25 4.5 Medium
A Potential Command Injection vulnerability in HCL AION.  An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0
CVE-2025-52625 1 Hcltech 1 Aion 2026-04-25 3.7 Low
A vulnerability  Cacheable SSL Page Found vulnerability has been identified in HCL AION.  Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser This issue affects AION: 2.0.
CVE-2025-31958 1 Hcltech 1 Bigfix Service Management 2026-04-22 3.7 Low
HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end servers, allowing attackers to bypass security controls and perform attacks like cache poisoning or request hijacking.
CVE-2025-31981 1 Hcltech 1 Bigfix Service Management 2026-04-22 5.3 Medium
HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.  An attacker with access to the network traffic can sniff packets from the connection and uncover the data.
CVE-2026-21765 1 Hcltech 1 Bigfix Platform 2026-04-16 8.8 High
HCL BigFix Platform is affected by insecure permissions on private cryptographic keys.  The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions.
CVE-2026-21767 1 Hcltech 1 Bigfix Platform 2026-04-16 4 Medium
HCL BigFix Platform is affected by insufficient authentication.  The application might allow users to access sensitive areas of the application without proper authentication.
CVE-2026-21786 2 Hclsoftware, Hcltech 2 Sametime For Ios, Sametime 2026-04-16 3.3 Low
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
CVE-2025-0248 1 Hcltech 1 Hcl Inotes 2026-04-15 8.1 High
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
CVE-2025-55278 1 Hcltech 1 Devops Loop 2026-04-15 8.1 High
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges.
CVE-2025-52602 1 Hcltech 1 Bigfix Query 2026-04-15 4.2 Medium
HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application.  An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs).  An attacker can use that information to target individuals with phishing or other social-engineering attacks.
CVE-2025-52647 1 Hcltech 1 Bigfix Webui 2026-04-15 6.1 Medium
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
CVE-2025-31965 1 Hcltech 1 Bigfix Remote Control 2026-04-15 8.2 High
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
CVE-2024-30129 1 Hcltech 1 Hcl Nomad 2026-04-15 5.3 Medium
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address.
CVE-2025-31995 1 Hcltech 1 Maxai Workbench 2026-04-15 3.5 Low
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc.
CVE-2024-23584 1 Hcltech 1 Bigfix Enterprise Suite Asset Discovery 2026-04-15 6.6 Medium
The NMAP Importer service​ may expose data store credentials to authorized users of the Windows Registry.
CVE-2025-52622 1 Hcltech 1 Bigfix Saas 2026-04-15 5.4 Medium
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting (XSS), Clickjacking, and protocol downgrade attacks.
CVE-2024-42197 1 Hcltech 1 Workload Scheduler 2026-04-15 5.5 Medium
HCL Workload Scheduler stores user credentials in plain text which can be read by a local user.
CVE-2025-31992 1 Hcltech 1 Maxai Assistant 2026-04-15 4.6 Medium
HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session.