Lucene search
K

29 matches found

CVE
CVE
added 2025/10/10 10:25 a.m.23 views

CVE-2025-52624

CVE-2025-52624 affects HCL AION 2.0. The issue is a bypass of the script allowlist caused by misconfigured Content-Security-Policy, enabling unauthorized scripts and increasing risk of cross-site scripting and other injection attacks. Connected sources confirm the vulnerability in HCL AION and de...

6.1CVSS5.9AI score0.00188EPSS
CVE
CVE
added 2026/01/19 6:13 p.m.23 views

CVE-2025-55252

CVE-2025-55252 – HCL AION version 2 is affected by a Weak Password Policy vulnerability, which can allow use of easily guessable passwords and potentially unauthorized access. The available documents identify the affected product (HCL AION 2) and the underlying issue (weak password policy), but d...

9.8CVSS5.4AI score0.00149EPSS
CVE
CVE
added 2026/01/19 5:54 p.m.21 views

CVE-2025-52659

CVE-2025-52659 affects HCL AION version 2, a AI lifecycle management platform. The vulnerability is a Cacheable HTTP Response issue that can cause unintended storage of sensitive or dynamic content, potentially enabling unauthorized access or information disclosure. The CVSS v3.1 base score is 7....

7.5CVSS5.4AI score0.00156EPSS
CVE
CVE
added 2026/01/19 5:39 p.m.21 views

CVE-2025-55251

Affected product: HCL AION. Vulnerability: Unrestricted File Upload. Impact statement: potential for unauthorized code execution or system compromise. Metrics (NVD): CVSS v3.1 base score 9.8, CRITICAL; attack vector NETWORK; user interaction NONE; privileges required NONE; confidentiality/integri...

9.8CVSS5.9AI score0.00177EPSS
CVE
CVE
added 2025/10/10 9:55 a.m.20 views

CVE-2025-52630

CVE-2025-52630 affects HCL AION (AION: 2.0). The connected sources describe an information disclosure vulnerability caused by a missing or insecure X-Content-Type-Options header, enabling an unauthorized actor to obtain credentials or system information. Public documents attribute this to HCL AIO...

7.5CVSS6.5AI score0.00223EPSS
CVE
CVE
added 2026/02/03 5:44 p.m.19 views

CVE-2025-52627

CVE-2025-52627 affects HCL AION (AI lifecycle management platform) 2.0, where the root filesystem is not mounted read-only, allowing unintended modifications to critical system files and potential system compromise. Connected sources corroborate the issue and cite root-file-system write access as...

7.5CVSS5.4AI score0.00148EPSS
CVE
CVE
added 2025/10/10 10:6 a.m.18 views

CVE-2025-52632

CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...

7.5CVSS6.6AI score0.0014EPSS
CVE
CVE
added 2026/02/03 5:48 p.m.17 views

CVE-2025-52626

Affected product : HCL AION (AI lifecycle management platform). Vulnerability : Command injection vulnerability that can be exploited to execute arbitrary commands on the underlying system. Root cause / context : Descriptions indicate a command injection issue in HCL AION; specific technical root...

9.8CVSS5.5AI score0.00583EPSS
CVE
CVE
added 2026/03/16 2:29 p.m.17 views

CVE-2025-52644

Technical details about CVE-2025-52644 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

8.2CVSS5.8AI score0.00141EPSS
CVE
CVE
added 2026/02/03 6:12 p.m.16 views

CVE-2025-52623

CVE-2025-52623 affects HCL AION v2.0 where the password field does not have autocomplete disabled, enabling potential storage or disclosure of credentials. Connected sources (CNVD-2026-16403, RH/Red Hat, NVD, and PT-2026-5901) corroborate an information disclosure risk from password-field autocom...

6.5CVSS5.4AI score0.00151EPSS
CVE
CVE
added 2026/03/16 2:21 p.m.16 views

CVE-2025-52636

CVE-2025-52636 affects HCL AION. The issue is improper handling/validation of upload size limits, which may allow excessive resource consumption and could lead to service degradation or denial-of-service conditions under certain scenarios. Connected sources reiterate the same vulnerability descri...

7.5CVSS5.8AI score0.00144EPSS
CVE
CVE
added 2025/10/10 9:30 a.m.16 views

CVE-2025-52650

CVE-2025-52650 – HCL AION v2.0 : A CSP-related issue allows inline script execution due to improper CSP enforcement in HCL AION version 2.0. The root cause is CSP misconfiguration that fails to block inline scripts, enabling potential script injection within the application. Documented sources (P...

8.2CVSS6.8AI score0.00219EPSS
CVE
CVE
added 2026/01/19 5:49 p.m.16 views

CVE-2025-52660

HCL AION is affected by an Unrestricted File Upload vulnerability. Connected CNVD records describe an additional host header injection flaw in HCL AION, suggesting improper handling that can enable malicious file uploads and potential code execution or system compromise. The primary CVE entry and...

9.8CVSS5.9AI score0.00281EPSS
CVE
CVE
added 2025/10/10 10:28 a.m.15 views

CVE-2025-52625

CVE-2025-52625 affects HCL AION 2.0. A vulnerability described as a Cacheable SSL Page Found issue could allow attackers with access to the device or browser to view cached data, exposing credentials, system identifiers, or internal file paths. Root cause specifics, affected components beyond the...

7.5CVSS6.4AI score0.00223EPSS
CVE
CVE
added 2025/10/10 9:40 a.m.15 views

CVE-2025-52634

HCL AION (AI lifecycle platform) 2.0 is affected by CVE-2025-52634, described as an information disclosure vulnerability enabling unauthorized access. Multiple sources (NVD, RHACVE, CNVD, CNNVD, CVE lists, PT-2025-41539) corroborate that sensitive information can be exposed to an unauthenticated ...

7.5CVSS6.5AI score0.00223EPSS
CVE
CVE
added 2026/03/16 2:26 p.m.15 views

CVE-2025-52643

The CVE-2025-52643 entry concerns HCL AION and describes a vulnerability where untrusted file parsing is not performed in a properly isolated sandbox. This could enable unintended behavior or integrity impact when processing crafted files. Public technical details (affected versions, root cause, ...

7.8CVSS5.8AI score0.00095EPSS
CVE
CVE
added 2026/01/19 6:4 p.m.15 views

CVE-2025-52661

Technical details about CVE-2025-52661 are not publicly disclosed in the provided documents. No affected versions, root cause, or remediation are specified. Monitor for updates from vendors and security advisories.

5.3CVSS5.4AI score0.0015EPSS
CVE
CVE
added 2026/01/19 6:1 p.m.15 views

CVE-2025-55249

Technical details (affected product/versions, root cause, exploitability, mitigations) are not publicly available in the provided documents. Monitor for updates from vendor advisories and CVE feeds.

5.3CVSS5.4AI score0.00169EPSS
CVE
CVE
added 2026/02/03 5:54 p.m.14 views

CVE-2025-52629

CVE-2025-52629 affects HCL AION 2.0 and is caused by a missing Content-Security-Policy (CSP) header, increasing risk of cross-site scripting and content-injection attacks. Multiple sources (NVD, RH, CNVD, ENISA EUVD) corroborate the missing CSP as the issue. Remediation is to implement a CSP head...

6.1CVSS5.1AI score0.0012EPSS
CVE
CVE
added 2025/10/10 10:21 a.m.14 views

CVE-2025-52635

HCL AION (AI lifecycle platform) is affected in version 2.0 by a vulnerability where trusted types in scripts are not enforced by the Content Security Policy (CSP). This Trusted Types CSP bypass leads to information disclosure risk. Reports from multiple sources (NVD, CNVD, RH, CVE records, EUVD,...

9.8CVSS6.7AI score0.00247EPSS
CVE
CVE
added 2026/03/16 2:45 p.m.14 views

CVE-2025-52642

CVE-2025-52642 affects HCL AION (AI lifecycle management platform). The connected documents describe a root cause where internal filesystem paths are exposed through application responses or system behavior, enabling potential information disclosure about environment structure. The impact is info...

6.5CVSS5.7AI score0.00108EPSS
CVE
CVE
added 2026/01/19 6:9 p.m.14 views

CVE-2025-55250

HCL AION v2 is affected by a Technical Error Disclosure vulnerability that can expose sensitive technical details, potentially aiding information disclosure or attacker reconnaissance. The issue is described across NVD/Red Hat and related feeds with no public exploit details or remediation inform...

5.3CVSS5.4AI score0.00132EPSS
CVE
CVE
added 2026/04/15 8:47 a.m.13 views

CVE-2025-52641

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00116EPSS
CVE
CVE
added 2026/03/16 2:42 p.m.13 views

CVE-2025-52646

Technical details are not publicly available in the provided documents. Monitor for updates from vendors and security trackers to obtain affected versions, root cause, impact, and remediation.

5.3CVSS6AI score0.00147EPSS
CVE
CVE
added 2026/03/16 2:36 p.m.13 views

CVE-2025-52649

Technical details for CVE-2025-52649 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.7AI score0.00131EPSS
CVE
CVE
added 2026/02/03 6:0 p.m.11 views

CVE-2025-52633

HCL AION 2.0 is affected by a vulnerability where sensitive session data is stored in persistent cookies, leading to potential information disclosure. Root cause cited by CNVD/Red Hat sources is lack of content security policy. Practical impact is information exposure if cookies are intercepted o...

5.3CVSS5.3AI score0.00179EPSS
CVE
CVE
added 2026/03/16 2:39 p.m.11 views

CVE-2025-52645

CVE-2025-52645 — HCL AION : The vulnerability concerns model packaging and distribution that may lack sufficient authenticity verification, allowing unverified or modified model artifacts and potential integrity concerns or unintended behavior. Affected product: HCL AION (AI lifecycle management ...

5.3CVSS5.8AI score0.00084EPSS
CVE
CVE
added 2026/02/03 6:16 p.m.10 views

CVE-2025-52631

CVE-2025-52631 affects HCL AION 2.0 and is due to a missing or insecure HTTP Strict-Transport-Security (HSTS) header. The NVD entry notes a high-severity vulnerability (CVSS v3.1: 8.1) with network access, high impact on confidentiality, integrity, and availability, and potential for MITM or prot...

8.1CVSS5.4AI score0.00199EPSS
CVE
CVE
added 2026/02/03 6:6 p.m.9 views

CVE-2025-52628

CVE-2025-52628 affects HCL AION 2.0. Connected sources describe a cookie handling issue due to missing or insecure SameSite attributes, enabling cross-site requests and increasing CSRF risk. The CNVD entry calls it a CSRF vulnerability stemming from the cookie SameSite issue; Red Hat and NVD desc...

8.8CVSS5.1AI score0.0019EPSS