HCL Software

All CVEs

380 total · sorted by risk
  • CVE-2025-59872 · Jun 17, 2026
    risk 0.00 · cvss · epss 0.00

    HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to obtain command execution on the server by uploading a file known as a web shell, which allows you to execute arbitrary code or…

  • CVE-2025-62340 · Jun 17, 2026
    risk 0.00 · cvss · epss 0.00

    HCL iControl was affected by an Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity.

  • CVE-2025-55261 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by Missing Functional Level Access Control, which allows an attacker to escalate privileges and may let them compromise the application and steal and manipulate data.

  • CVE-2025-55262 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by SQL Injection, which allows an attacker to retrieve sensitive information from the database.

  • CVE-2025-55263 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by Hardcoded Sensitive Data: if an attacker gains access to the source code, or if it is stored in insecure repositories, they can easily retrieve these hardcoded secrets.

  • CVE-2025-55264 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change: an attacker who has access to a session can maintain control over the account despite the password change, leading to account takeover.

  • CVE-2025-55265 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by File Discovery, which an attacker could exploit to read sensitive files present in the system and may use to craft further attacks.

  • CVE-2025-55266 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by Session Fixation, which allows an attacker to take over the user's session and use it to carry out unauthorized transactions on behalf of the user.

  • CVE-2025-55267 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by an Unrestricted File Upload vulnerability, which allows an attacker to upload and execute malicious scripts, gaining full control over the server.

  • CVE-2025-55268 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by a Spamming Vulnerability: excessive spamming by an actor can consume server bandwidth and processing resources, which may lead to Denial of Service.

  • CVE-2025-55269 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by a Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user accounts.

  • CVE-2025-55270 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.01

    HCL Aftermarket DPC is affected by Improper Input Validation, which allows an attacker to inject executable code and carry out attacks such as XSS, SQL Injection, Command Injection, etc.

  • CVE-2025-55271 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by an HTTP Response Splitting vulnerability wherein, depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response.

  • CVE-2025-55272 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by a Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details, which would allow them to craft software-specific attacks.

  • CVE-2025-55273 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by a Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking.

  • CVE-2025-55274 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by a Cross-Origin Resource Sharing vulnerability. The consequences of CORS misconfigurations include the exposure of sensitive user information to attackers, unauthorized access to APIs, and possible data manipulation or leakage. If an attacker were to exploit CORS…

  • CVE-2025-55275 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by an Admin Session Concurrency vulnerability, through which an attacker can exploit concurrent sessions to hijack or impersonate an admin user.

  • CVE-2025-55276 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by an Internal IP Disclosure vulnerability, which will give attackers a clearer map of the organization’s network layout.

  • CVE-2025-55277 · Mar 26, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Aftermarket DPC is affected by a Use of Vulnerable/Outdated Versions vulnerability, through which an attacker may make use of exploits available across the internet and craft attacks against the application.

  • CVE-2026-21788 · Mar 19, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user, which leads to executing malicious script code. This may allow the attacker to steal cookie-based…

  • CVE-2025-62328 · Mar 11, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors.

  • CVE-2026-21786 · Mar 5, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URLs.

  • CVE-2025-62326 · Feb 20, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

  • CVE-2025-52603 · Feb 20, 2026
    risk 0.00 · cvss · epss 0.00

    HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser.

  • CVE-2023-37525 · Jan 28, 2026
    risk 0.00 · cvss · epss 0.00

    A sensitive information disclosure in HCL BigFix Compliance allows a remote attacker to access files under the WEB-INF directory, which may contain Java class files and configuration information, leading to unauthorized access to application internals.

  • CVE-2025-59870 · Jan 16, 2026
    risk 0.00 · cvss · epss 0.00

    HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk.

  • CVE-2025-55254 · Dec 17, 2025
    risk 0.00 · cvss · epss 0.00

    Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in certain web pages.

  • CVE-2025-59849 · Dec 17, 2025
    risk 0.00 · cvss · epss 0.00

    Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal (versions 10.1.0.0326 and lower) may allow the execution of malicious code in web pages.

  • CVE-2025-62329 · Dec 16, 2025
    risk 0.00 · cvss · epss 0.00

    HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.

  • CVE-2025-51733 · Nov 28, 2025
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.

  • CVE-2025-52639 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.

  • CVE-2025-31954 · Nov 5, 2025
    risk 0.00 · cvss · epss 0.00

    HCL iAutomate v6.5.1 and v6.5.2 are susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were…

  • CVE-2024-42192 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Traveler for Microsoft Outlook (HTMO) is susceptible to credential leakage, which could allow an attacker to access other computers or applications.

  • CVE-2025-0277 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). Because the sources of scripts and other content are not properly restricted, an attacker could trick users into performing actions.

  • CVE-2025-0276 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). Because the sources of scripts and other content are not properly restricted, an attacker could trick users into performing actions.

  • CVE-2025-0275 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

  • CVE-2025-0274 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.

  • CVE-2025-31996 · Oct 13, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or users.

  • CVE-2025-52615 · Oct 12, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Unica Platform is impacted by misconfigured security-related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers.

  • CVE-2025-52614 · Oct 12, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site.

  • CVE-2025-31969 · Oct 12, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Unica Platform is impacted by a misconfigured Content Security Policy (CSP). This can result in malicious resources being loaded and can expose browsers to certain types of attacks, such as cross-site scripting and clickjacking.

  • CVE-2025-52616 · Oct 12, 2025
    risk 0.00 · cvss · epss 0.00

    HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.

  • CVE-2025-21070 · Oct 10, 2025
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.

  • CVE-2025-21067 · Oct 10, 2025
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.

  • CVE-2025-21057 · Oct 10, 2025
    risk 0.00 · cvss · epss 0.00

    Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.

  • CVE-2025-52656 · Oct 3, 2025
    risk 0.00 · cvss · epss 0.00

    HCL MyXalytics 6.6 is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.

  • CVE-2025-52658 · Oct 3, 2025
    risk 0.00 · cvss · epss 0.00

    HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited.

  • CVE-2025-52654 · Oct 3, 2025
    risk 0.00 · cvss · epss 0.00

    HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation.

  • CVE-2025-52653 · Oct 3, 2025
    risk 0.00 · cvss · epss 0.00

    The HCL MyXalytics product is affected by a Cross Site Scripting vulnerability in the web application. This can allow the execution of unauthorized scripts, potentially resulting in unauthorized actions or access.

  • CVE-2025-31977 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms. An attacker with network access could exploit this weakness to decrypt or manipulate encrypted communications under certain conditions.

Page 2 of 8