30 matches found
CVE-2026-21785
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...
PT-2026-44108
Name of the Vulnerable Software and Affected Versions: HCL BigFix Remote Control Server WebUI versions prior to 10.1.0.0443. Description: A misconfigured Content Security Policy (CSP), which is a security layer used to detect and mitigate certain types of attacks including Cross-Site Scripting (XSS) and...
CVE-2025-15634
CVE-2025-15634: In HCL BigFix WebUI, a missing authorization flaw lets an authenticated user with LOW privileges view sensitive environmental information via direct URL access to an unauthorized page. Impact: confidentiality (environmental data) exposed; attack vector: network; complexity: low; r...
EUVD-2025-209754
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
CVE-2025-15633 HCL BigFix WebUI is affected by an improper authorization vulnerability
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
EUVD-2025-209753
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
HCL BigFix WebUI security vulnerability
HCL BigFix WebUI is a web-based administration page from HCL India. A security vulnerability exists in the HCL BigFix WebUI that stems from improper authorization and could allow authenticated users without Master Operator privileges to access internal data and bypass privilege requirements throu...
EUVD-2025-11092
Malicious code in bioql PyPI...
EUVD-2022-32045
Malicious code in bioql PyPI...
EUVD-2022-32046
Malicious code in bioql PyPI...
CVE-2024-42193
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized acces...
CVE-2024-42193 HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized acces...
CVE-2024-42193
CVE-2024-42193 refers to a weakness in SSL certificate validation in the HCL BigFix Web Reports service. The connected Nessus entry (KB0120585) ties this to affected HCL BigFix Server versions: 10.0.x before 10.0.13 and 11.x before 11.0.4, indicating a MITM risk and potential unauthorized access ...
CVE-2024-42193 HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized acces...
CVE-2024-42200
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input...
CVE-2024-42189
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter...
CVE-2024-42189 HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter...
CVE-2024-42189 HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack
HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter...
CVE-2024-42200 HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack
HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input...