Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21836 | 1 Hclsoftware | 1 Dominoiq | 2026-05-21 | 6.5 Medium |
| The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data. | ||||
| CVE-2026-21821 | 1 Hclsoftware | 1 Bigfix Scm Reporting | 2026-05-14 | 8.3 High |
| The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components. | ||||
| CVE-2025-31991 | 1 Hclsoftware | 1 Velocity | 2026-04-17 | 6.8 Medium |
| Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7. | ||||
| CVE-2026-21786 | 2 Hclsoftware, Hcltech | 2 Sametime For Ios, Sametime | 2026-04-16 | 3.3 Low |
| HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs. | ||||
| CVE-2025-31990 | 1 Hclsoftware | 1 Hcl Devops Velocity | 2026-04-15 | 6.8 Medium |
| Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7. | ||||