1796 matches found
Lotus Domino R5 and R6 WebMail - Information Disclosure
Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is the default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and t...
EUVD-2026-31117
The HCL DominoIQ RAG feature is affected by a Broken Access Control vulnerability. Under certain circumstances, document level access restrictions will be ignored when determining what data to return from an AI query. This could enable an authenticated attacker to view sensitive data...
Unspecified Vulnerability in HCL Traveler
HCL Traveler is software from HCL India. It provides automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...
CVE-2025-62328
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
HCL Traveler Security Vulnerability
HCL Traveler is software from HCL India. It provides automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. HCL Traveler has a security vulnerability that stems from weak HTTP header validation, which can be exploited by an attack...
EUVD-2025-208603
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
CVE-2025-62328
CVE-2025-62328 affects HCL Nomad server on Domino where the Content-Security-Policy header does not set the frame-ancestors directive by default. This may allow an attacker to obtain sensitive information via unspecified vectors. The CVSS v3.1 base score is 3.7 (LOW) with NETWORK attack vector, H...
CVE-2025-62328 HCL Nomad server on Domino is affected by a missing default frame-ancestors directive
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
PT-2026-24860
HCL Nomad server on Domino did not configure the frame-ancestors directive in the Content-Security-Policy header by default which could allow an attacker to obtain sensitive information via unspecified vectors...
HCL Nomad Server Security Vulnerability
HCL Nomad Server is a server component operated by the Indian company HCL, designed for running enterprise business applications. There is a security vulnerability in HCL Nomad Server on Domino. This vulnerability stems from an improper configuration of the frame-ancestors directive in the...
EUVD-2026-4528
Malicious code in domino-elements npm...
MAL-2026-478 Malicious code in domino-elements (npm)
Source: amazon-inspector (7d29d322166d012b639664f1711c5c9ca4353508a8ffa2e48eb5b7b14bbda296). The package domino-elements was found to contain malicious code...
Malicious code in domino-elements (npm)
Source: amazon-inspector (7d29d322166d012b639664f1711c5c9ca4353508a8ffa2e48eb5b7b14bbda296). The package domino-elements was found to contain malicious code...
CVE-2010-0358
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087...
CVE-2010-0927
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920...
Hcl Inotes Security Vulnerability
HCL Hcl Inotes is software from HCL India that allows management of IBM Domino emails, scheduling of errands and other office activity management. A security vulnerability exists in Hcl Inotes that stems from improper validation of user input and could lead to a reflective cross-site scripting...
CVE-2025-12350 DominoKit <= 1.1.0 - Missing Authorization to Unauthenticated Settings Update
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpajaxnoprivdominokitoptionadminaction AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings...