HCL Software
All CVEs
380 total · sorted by risk

| CVE | Sev | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2025-62319 | Critical | 0.64 | 9.8 | 0.00 | Mar 16, 2026 | Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently… |
| CVE-2025-31951 | High | 0.57 | 8.8 | 0.00 | May 6, 2026 | HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution. |
| CVE-2026-21821 | High | 0.54 | 8.3 | 0.00 | May 13, 2026 | The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk… |
| CVE-2025-59874 | High | 0.53 | 8.1 | 0.00 | Jun 4, 2026 | HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue detected in the Keycloak component of the web application. Missing essential directives can leave a site vulnerable. |
| CVE-2025-55278 | High | 0.53 | 8.1 | 0.00 | Nov 5, 2025 | Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to… |
| CVE-2025-31965 | High | 0.53 | 8.2 | 0.00 | Jul 29, 2025 | Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages. |
| CVE-2021-47970 | High | 0.49 | 7.5 | 0.00 | May 16, 2026 | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger… |
| CVE-2025-0280 | High | 0.49 | 7.5 | 0.00 | Sep 3, 2025 | A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access. |
| CVE-2025-52612 | High | 0.46 | 7.1 | 0.00 | Jun 4, 2026 | HCL iControl was affected by an Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by insufficient sanitation of input parameters. |
| CVE-2025-31991 | Medium | 0.44 | 6.8 | 0.00 | Apr 13, 2026 | Rate limiting for user login attempts is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7. |
| CVE-2025-62346 | Medium | 0.44 | 6.8 | 0.00 | Nov 20, 2025 | A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a trusted site where the user is authenticated, specifically on one endpoint. |
| CVE-2024-23589 | Medium | 0.44 | 6.8 | 0.00 | May 30, 2025 | Due to an outdated hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs. |
| CVE-2024-23584 | Medium | 0.43 | 6.6 | 0.00 | Apr 8, 2024 | The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry. |
| CVE-2026-21836 | Medium | 0.42 | 6.5 | 0.00 | May 20, 2026 | The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document-level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view… |
| CVE-2024-23580 | Medium | 0.42 | 6.5 | 0.00 | May 28, 2024 | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values. |
| CVE-2024-23579 | Medium | 0.42 | 6.5 | 0.00 | May 28, 2024 | HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values. |
| CVE-2023-37526 | Medium | 0.42 | 6.5 | 0.00 | May 14, 2024 | HCL DRYiCE Lucy (now AEX) is affected by a Cross Origin Resource Sharing (CORS) vulnerability. The mobile app is vulnerable to a CORS misconfiguration which could potentially allow unauthorized access to the application resources from any web domain and enable cache poisoning… |
| CVE-2026-21826 | Medium | 0.40 | 6.1 | 0.00 | Jun 5, 2026 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways. |
| CVE-2025-52647 | Medium | 0.40 | 6.1 | 0.00 | Oct 10, 2025 | The BigFix WebUI application responds with HOST information from the HTTP header field, making it vulnerable to Host Header Poisoning attacks. |
| CVE-2025-59873 | Medium | 0.38 | 5.9 | 0.00 | Feb 23, 2026 | An information exposure vulnerability exists in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query parameters. An attacker who gains access to any network log or operates a site… |
| CVE-2025-0254 | Medium | 0.38 | 5.9 | 0.00 | Mar 20, 2025 | HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties. |
| CVE-2024-42197 | Medium | 0.36 | 5.5 | 0.00 | Dec 11, 2025 | HCL Workload Scheduler stores user credentials in plain text which can be read by a local user. |
| CVE-2025-52622 | Medium | 0.35 | 5.4 | 0.00 | Dec 2, 2025 | The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attacks that these headers are designed to mitigate, such as Cross-Site Scripting… |
| CVE-2025-31979 | Medium | 0.35 | 5.4 | 0.00 | Aug 28, 2025 | A File Upload Validation Bypass vulnerability has been identified in HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts,… |
| CVE-2024-42187 | Medium | 0.34 | 5.3 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by a path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks. |
| CVE-2025-31971 | Medium | 0.33 | 5.1 | 0.00 | Aug 28, 2025 | AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information. |
| CVE-2025-31992 | Medium | 0.30 | 4.6 | 0.00 | Oct 12, 2025 | HCL Unica MaxAI Assistant is susceptible to an HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context of the user's session. |
| CVE-2023-45707 | Medium | 0.29 | 4.4 | 0.00 | Jun 8, 2024 | HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional attacks. |
| CVE-2025-52606 | Medium | 0.28 | 4.3 | 0.00 | Jun 4, 2026 | HCL iControl was affected by a Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input is expected to be of a certain type, but the application does not validate or incorrectly validates that the input is… |
| CVE-2024-30143 | Medium | 0.28 | 4.3 | 0.00 | Mar 13, 2025 | HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or take over the application or the computer where the… |
| CVE-2025-52602 | Medium | 0.27 | 4.2 | 0.00 | Nov 5, 2025 | HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose group names and active user names (or IDs). An attacker can use that information to target… |
| CVE-2026-21785 | Medium | 0.26 | 4.0 | 0.00 | May 27, 2026 | A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources. |
| CVE-2025-52609 | Low | 0.24 | 3.7 | 0.00 | Jun 4, 2026 | HCL iControl was affected by a Missing Security Headers vulnerability: the headers that enable the built-in XSS filtering mechanisms of modern web browsers are absent, which can lead to cross-site scripting (XSS) attacks. |
| CVE-2024-30119 | Low | 0.24 | 3.7 | 0.00 | Jun 14, 2024 | HCL DRYiCE Optibot Reset Station is impacted by a missing Strict Transport Security header. This could allow an attacker to intercept or manipulate data during redirection. |
| CVE-2025-31995 | Low | 0.23 | 3.5 | 0.01 | Oct 13, 2025 | HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc. |
| CVE-2025-62338 | Low | 0.21 | 3.3 | 0.00 | Jun 4, 2026 | HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure. |
| CVE-2026-21791 | Low | 0.21 | 3.3 | 0.00 | Mar 10, 2026 | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs. |
| CVE-2025-52611 | Low | 0.20 | 3.1 | 0.00 | Jun 4, 2026 | HCL iControl v4.0.0 was affected by an Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object… |
| CVE-2025-52608 | Low | 0.20 | 3.1 | 0.00 | Jun 4, 2026 | HCL iControl was affected by a Missing Cookie Attributes vulnerability. It was observed that the application is missing several critical cookie attributes, including Secure and SameSite, and the cookie path is set to root. |
| CVE-2024-42206 | Low | 0.20 | 3.1 | 0.00 | Jun 2, 2026 | HCL iReflection: a third-party vulnerable and outdated components issue was detected in the web application. |
| CVE-2025-52655 | Low | 0.20 | 3.1 | 0.00 | Oct 10, 2025 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics v6.6. Loading third-party scripts without integrity checks or validation can allow external code to run in the application's context, risking data exposure. |
| CVE-2024-30120 | Low | 0.19 | 2.9 | 0.00 | Jun 14, 2024 | HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. |
| CVE-2025-62345 | Low | 0.18 | 2.7 | 0.00 | May 6, 2026 | HCL BigFix RunBookAI is affected by a Continued Availability of Less-Secure “Input Text” vulnerability. A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors. |
| CVE-2024-42186 | Low | 0.18 | 2.8 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by insecure protocol support. The application can allow improper handling of SSL certificate validation. |
| CVE-2024-42184 | Low | 0.16 | 2.5 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme. |
| CVE-2024-42183 | Low | 0.16 | 2.5 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls. |
| CVE-2024-42182 | Low | 0.16 | 2.5 | 0.00 | Jan 23, 2025 | BigFix Patch Download Plug-ins are affected by a Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost. |
| CVE-2002-0370 | — | 0.03 | — | 0.43 | Oct 10, 2002 | Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME,… |
| CVE-2005-2618 | — | 0.01 | — | 0.08 | Dec 31, 2005 | Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a… |
| CVE-2026-21768 | — | 0.00 | — | 0.00 | Jun 19, 2026 | The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input, thereby allowing malicious content to be executed in certain situations. |
Page 1 of 8