Filtered by vendor Hcltech
Total: 327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44760 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2024-30147 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 6.5 Medium |
| Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | ||||
| CVE-2024-30114 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 3.7 Low |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | ||||
| CVE-2024-30113 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 6.3 Medium |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | ||||
| CVE-2023-45720 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2023-37534 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 7.1 High |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | ||||
| CVE-2024-30148 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 4.1 Medium |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2025-52602 | 1 Hcltech | 1 Bigfix Query | 2025-11-12 | 4.2 Medium |
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. | ||||
| CVE-2025-31954 | 1 Hcltech | 2 Dryice Iautomate, Iautomate | 2025-11-07 | 5.4 Medium |
| HCL iAutomate v6.5.1 and v6.5.2 are susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. | ||||
| CVE-2024-30145 | 1 Hcltech | 1 Domino Leap | 2025-11-07 | 6.5 Medium |
| Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications. | ||||
| CVE-2025-55278 | 1 Hcltech | 1 Devops Loop | 2025-11-06 | 8.1 High |
| Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges. | ||||
| CVE-2023-45721 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 4.1 Medium |
| Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2024-30115 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 6.3 Medium |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | ||||
| CVE-2022-27562 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2022-42449 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2022-42450 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 4.6 Medium |
| Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications. | ||||
| CVE-2023-37517 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | ||||
| CVE-2023-37535 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 7.1 High |
| Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allows script injection through query parameters. | ||||
| CVE-2024-30152 | 1 Hcltech | 1 Hcl Sx | 2025-10-30 | 6.5 Medium |
| HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts. | ||||