Export limit exceeded: 18659 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21821 | 1 Hclsoftware | 1 Bigfix Scm Reporting | 2026-05-14 | 8.3 High |
| The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components. | ||||
| CVE-2025-31991 | 1 Hclsoftware | 1 Velocity | 2026-04-17 | 6.8 Medium |
| Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability is fixed in 5.1.7. | ||||
| CVE-2026-21786 | 2 Hclsoftware, Hcltech | 2 Sametime For Ios, Sametime | 2026-04-16 | 3.3 Low |
| HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. | ||||
| CVE-2025-31990 | 1 Hclsoftware | 1 Hcl Devops Velocity | 2026-04-15 | 6.8 Medium |
| Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unresponsive to legitimate users. This vulnerability is fixed in 5.1.7. | ||||
Page 1 of 1.