| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-59873 | Session Token Exposure via URL Query Parameters | HCL Software | ZIE for Web | Medium | 5.9 | 2026-02-23 10:56:52 | Deep Dive |
| CVE-2025-55252 | HCL AION is affected by a Weak Password Policy vulnerability | HCL Software | AION | Low | 3.1 | 2026-01-19 18:13:18 | Deep Dive |
| CVE-2025-55250 | HCL AION is affected by a Technical Error Disclosure vulnerability | HCL Software | AION | Low | 1.8 | 2026-01-19 18:09:03 | Deep Dive |
| CVE-2025-52661 | HCL AION security vulnerability | HCL Software | AION | Low | 2.4 | 2026-01-19 18:04:31 | Deep Dive |
| CVE-2025-55249 | HCL AION is affected by a Missing Security Response Headers vulnerability | HCL Software | AION | Low | 3.5 | 2026-01-19 18:01:05 | Deep Dive |
| CVE-2025-52659 | HCL AION is affected by a Cacheable HTTP Response vulnerability | HCL Software | AION | Low | 2.8 | 2026-01-19 17:54:19 | Deep Dive |
| CVE-2025-52660 | HCL AION is affected by a Host Header Injection vulnerability | HCL Software | AION | Low | 2.7 | 2026-01-19 17:49:52 | Deep Dive |
| CVE-2025-55251 | HCL AION is affected by an Unrestricted File Upload vulnerability | HCL Software | AION | Low | 3.1 | 2026-01-19 17:39:26 | Deep Dive |
| CVE-2025-59870 | Improper management of a static JWT signing secret in the web application, where the secret lacks rotation, introducing a security risk | HCL Software | MyXalytics | High | 7.4 | 2026-01-16 10:12:01 | Deep Dive |
| CVE-2025-55254 | HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI) | HCL Software | BigFix Remote Control | Low | 3.7 | 2025-12-17 20:46:39 | Deep Dive |
| CVE-2025-59849 | HCL BigFix Remote Control is vulnerable to an insecure CSP configuration | HCL Software | BigFix Remote Control | Medium | 4.7 | 2025-12-17 20:28:23 | Deep Dive |
| CVE-2025-62329 | HCL DevOps Deploy / HCL Launch is susceptible to an insufficient session expiration vulnerability | HCL Software | DevOps Deploy / Launch | Medium | 5.0 | 2025-12-16 15:11:53 | Deep Dive |
| CVE-2025-62330 | HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information | HCL Software | DevOps Deploy | Medium | 5.9 | 2025-12-16 06:16:10 | Deep Dive |
| CVE-2024-42197 | HCL Workload Scheduler is vulnerable to plain text storage of a password | HCL Software | Workload Scheduler | Medium | 5.5 | 2025-12-11 19:40:12 | Deep Dive |
| CVE-2025-52622 | HCL BigFix SaaS Remediate is affected by a security vulnerability | HCL Software | BigFix SaaS Remediate | Medium | 5.4 | 2025-12-02 17:59:06 | Deep Dive |
| CVE-2025-0248 | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability | HCL Software | iNotes | High | 8.1 | 2025-11-25 15:25:01 | Deep Dive |
| CVE-2025-62346 | HCL Glovius Cloud is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability | HCL Software | Glovius Cloud | Medium | 6.8 | 2025-11-20 08:08:07 | Deep Dive |
| CVE-2025-52639 | HCL Connections is vulnerable to sensitive information disclosure | HCL Software | Connections | Low | 3.5 | 2025-11-18 18:58:06 | Deep Dive |
| CVE-2025-55278 | HCL DevOps Loop is susceptible to an improper authentication vulnerability | HCL Software | DevOps Loop | High | 8.1 | 2025-11-05 22:44:17 | Deep Dive |
| CVE-2025-31954 | HCL iAutomate is susceptible to a sensitive information disclosure | HCL Software | iAutomate | Medium | 5.4 | 2025-11-05 18:23:21 | Deep Dive |