Vulnerabilities in HCL
88 resultsCVE-2020-14258—HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticatedEPSS 1.2%CVE-2020-14230—HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticateEPSS 1.2%CVE-2020-4089—HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could resuEPSS 1.2%CVE-2020-14234—HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attaEPSS 1.0%CVE-2025-55270LOWHCL Aftermarket DPC is affected by Improper Input ValidationEPSS 1.0%CVE-2019-4209—HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attEPSS 0.6%CVE-2025-52626MEDIUMHCL AION is susceptible to Potential Command Injection vulnerabilityEPSS 0.6%CVE-2019-4388—HCL AppScan Source 9.0.3.13 and earlier is susceptible to cross-site scripting (XSS) attacks by allowing users to embed arbitrary JavaScriptEPSS 0.5%CVE-2019-4409—HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet paEPSS 0.5%CVE-2020-4104—HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. An attacker can use XSS to send a maliEPSS 0.5%CVE-2025-55265MEDIUMHCL Aftermarket DPC is affected by File DiscoveryEPSS 0.3%CVE-2025-55261HIGHHCL Aftermarket DPC is affected by Missing Functional Level Access ControlEPSS 0.3%CVE-2025-55271LOWHCL Aftermarket DPC is affected by HTTP Response Splitting vulnerabilityEPSS 0.3%CVE-2025-55267MEDIUMHCL Aftermarket DPC is affected by Unrestricted File Upload vulnerabilityEPSS 0.3%CVE-2025-62319CRITICALBoolean-Based SQL Injection in Multiple Unica ComponentsEPSS 0.3%CVE-2025-55262HIGHHCL Aftermarket DPC is affected by SQL InjectionEPSS 0.3%CVE-2025-55268MEDIUMHCL Aftermarket DPC is affected by Spamming VulnerabilityEPSS 0.3%CVE-2025-59874HIGHHCL Hive Telco Observability is affected by a Required directives missing from the CSP .EPSS 0.3%CVE-2025-55266MEDIUMHCL Aftermarket DPC is affected by Session FixationEPSS 0.3%CVE-2024-30151HIGHHCL BigFix Service Management (SM) is susceptible to Broken Access Control VulnerabilityEPSS 0.2%