Cross-site scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives.
An issue in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs that do not enforce limits on the number or size of requests.
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data.
HCL iAutomate v6.5.1 and v6.5.2 are susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the query string of that request. An attacker could potentially access information or resources they were not intended to see.
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to credential leakage, which could allow an attacker to access other computers or applications.
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). Because the policy does not properly restrict the sources of scripts and other content, an attacker could trick users into performing actions.