Filtered by vendor Hcltech
Subscriptions
Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-30145 | 1 Hcltech | 1 Domino Leap | 2025-11-07 | 6.5 Medium |
| Multiple vectors in HCL Domino Volt and Domino Leap allow client-side script injection in the authoring environment and deployed applications. | ||||
| CVE-2025-55278 | 1 Hcltech | 1 Devops Loop | 2025-11-06 | 8.1 High |
| Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired or tampered tokens to gain unauthorized access to sensitive resources and perform actions with elevated privileges. | ||||
| CVE-2025-31954 | 1 Hcltech | 1 Iautomate | 2025-11-06 | 5.4 Medium |
| HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see. | ||||
| CVE-2025-52602 | 1 Hcltech | 1 Bigfix Query | 2025-11-06 | 4.2 Medium |
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. | ||||
| CVE-2023-45721 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2024-30146 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 4.1 Medium |
| Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2024-30115 | 1 Hcltech | 1 Domino Leap | 2025-11-04 | 6.3 Medium |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | ||||
| CVE-2022-27562 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2022-42449 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications | ||||
| CVE-2022-42450 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 4.6 Medium |
| Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications. | ||||
| CVE-2023-37517 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 3.2 Low |
| Missing "no cache" headers in HCL Leap permits sensitive data to be cached. | ||||
| CVE-2024-30152 | 1 Hcltech | 1 Hcl Sx | 2025-10-30 | 6.5 Medium |
| HCL SX v21 is affected by usage of a weak cryptographic algorithm. An attacker could exploit this weakness to gain access to sensitive information, modify data, or other impacts. | ||||
| CVE-2024-30109 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | 3.7 Low |
| HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one intended. | ||||
| CVE-2024-30110 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | 3.7 Low |
| HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways. | ||||
| CVE-2024-30111 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | 3.3 Low |
| HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breaches or other malicious activities. | ||||
| CVE-2024-30135 | 1 Hcltech | 1 Dryice Aex | 2025-10-30 | 3.3 Low |
| HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is taken. | ||||
| CVE-2024-30130 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | 3.7 Low |
| HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information. | ||||
| CVE-2024-30128 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | 8.6 High |
| HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information. | ||||
| CVE-2024-30134 | 1 Hcltech | 2 Traveler, Traveler For Microsoft Outlook | 2025-10-30 | 6.7 Medium |
| The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. | ||||
| CVE-2024-30132 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | 3.7 Low |
| HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors. | ||||