
21 matches found

RedhatCVE
added 2026/02/04 7:28 p.m., 3 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

6.1 CVSS, 5.1 AI score, 0.00052 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/03 7:16 p.m., 3 views

CVE-2025-52631

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0...

8.1 CVSS, 0.00064 EPSS
Exploits: 0, References: 1
NVD
added 2026/02/03 6:16 p.m., 2 views

CVE-2025-52629

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

6.1 CVSS, 0.00052 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/03 6:16 p.m., 2 views

CVE-2025-52631

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0...

3.7 CVSS, 5.4 AI score, 0.00064 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2026/02/03 6:16 p.m., 8 views

CVE-2025-52631

CVE-2025-52631 affects HCL AION 2.0 and is due to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. The NVD entry notes a high-severity vulnerability (CVSS v3.1: 8.1) with network access, high impact on confidentiality, integrity, and availability, and potential for MITM or prot...

8.1 CVSS, 5.4 AI score, 0.00064 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2026/02/03 6:16 p.m., 25 views

CVE-2025-52631 HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks. This issue affects AION: 2.0...

3.7 CVSS, 0.00064 EPSS
Exploits: 0, References: 1
EUVD
added 2026/02/03 6:12 p.m., 1 view

EUVD-2025-206679

HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. Allowing autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects...

3.7 CVSS, 5.4 AI score, 0.00078 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/02/03 6:6 p.m., 2 views

CVE-2025-52628 HCL AION is susceptible to Missing SameSite vulnerability

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

4.6 CVSS, 5.1 AI score, 0.00077 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/02/03 5:54 p.m., 22 views

CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

3.7 CVSS, 0.00052 EPSS
Exploits: 0, References: 1
EUVD
added 2026/02/03 5:54 p.m., 1 view

EUVD-2025-206682

HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects AION: 2.0...

3.7 CVSS, 5.1 AI score, 0.00052 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/02/03 12:0 a.m., 2 views

PT-2026-5903

Name of the Vulnerable Software and Affected Versions: AION version 2.0. Description: A configuration issue exists where the root file system is not mounted as read-only. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or...

7.5 CVSS, 5.5 AI score, 0.00057 EPSS
Exploits: 0, References: 3
OSV
added 2025/10/10 11:15 a.m., 1 view

CVE-2025-52624

A Bypass of the script allowlist configuration vulnerability in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0...

6.1 CVSS, 5.6 AI score
Exploits: 0, References: 1
EUVD
added 2025/10/10 10:28 a.m., 3 views

EUVD-2025-33697

A Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system identifiers, or internal file paths to attackers with access to the device or browser. This issue affects AION: 2.0...

3.7 CVSS, 6.3 AI score, 0.00034 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/10/10 10:25 a.m., 5 views

CVE-2025-52624 HCL AION is susceptible to Bypass of the script allow list configuration vulnerability

A Bypass of the script allowlist configuration vulnerability in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0...

5.4 CVSS, 5.9 AI score, 0.00025 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/10 10:21 a.m., 3 views

EUVD-2025-33700

A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0...

3.7 CVSS, 6.5 AI score, 0.00035 EPSS
Exploits: 0, References: 2
NVD
added 2025/10/10 10:15 a.m., 5 views

CVE-2025-52634

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0...

7.5 CVSS, 0.00034 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/10 10:15 a.m., 1 view

CVE-2025-52632

A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...

7.5 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/10 9:55 a.m., 5 views

CVE-2025-52630 HCL AION is susceptible to Missing or insecure "X-Content-Type-Options" header vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0...

3.7 CVSS, 0.00034 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/10 9:40 a.m., 4 views

CVE-2025-52634 HCL AION is susceptible to Spring Boot Actuator Endpoints Exposed

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0...

3.7 CVSS, 0.00034 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/10/10 12:0 a.m., 2 views

PT-2025-41538

Name of the Vulnerable Software and Affected Versions: HCL AION version 2.0. Description: The software contains a missing secure attribute in encrypted session cookies. This could allow attackers to potentially intercept sensitive information transmitted in the session. Recommendations: At the moment...

6.5 CVSS, 6.2 AI score, 0.0002 EPSS
Exploits: 0, References: 5