CVE-2025-52632 — CVSS 6.5 (medium): A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION.This issue affects AION: 2.0.
CVE-2025-52644 — CVSS 5.8 (medium): HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing…
CVE-2025-52627 — CVSS 5.5 (medium): Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files…
CVE-2025-52624 — CVSS 5.4 (medium): A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may…
CVE-2025-52643 — CVSS 4.7 (medium): HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox…
CVE-2025-52628 — CVSS 4.6 (medium): HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in…
CVE-2025-52626 — CVSS 4.5 (medium): A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to…
CVE-2025-52631 — CVSS 3.7 (low): HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure…
CVE-2025-52634 — CVSS 3.7 (low): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.
CVE-2025-52635 — CVSS 3.7 (low): A rusted types in scripts not enforced in CSP vulnerability has been identified in HCL AION.This issue affects AION: 2.0.
CVE-2025-52623 — CVSS 3.7 (low): HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on…
CVE-2025-52625 — CVSS 3.7 (low): A vulnerability Cacheable SSL Page Found vulnerability has been identified in HCL AION. Cached data may expose credentials, system…
CVE-2025-52630 — CVSS 3.7 (low): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.
CVE-2025-52629 — CVSS 3.7 (low): HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting…
CVE-2025-55249 — CVSS 3.5 (low): HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the…
CVE-2025-52642 — CVSS 3.3 (low): HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour…
CVE-2025-55252 — CVSS 3.1 (low): HCL AION version 2 is affected by a Weak Password Policy vulnerability. This can allow the use of easily guessable passwords, potentially…
CVE-2025-52633 — CVSS 3.1 (low): HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in…
CVE-2025-55251 — CVSS 3.1 (low): HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in…
CVE-2025-52641 — CVSS 2.9 (low): HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure…
CVE-2025-52659 — CVSS 2.8 (low): HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic…
CVE-2025-52660 — CVSS 2.7 (low): HCL AION is affected by an Unrestricted File Upload vulnerability. This can allow malicious file uploads, potentially resulting in…
CVE-2025-52661 — CVSS 2.4 (low): HCL AION version 2 is affected by a JWT Token Expiry Too Long vulnerability. This may increase the risk of token misuse, potentially…
CVE-2025-52646 — CVSS 2.2 (low): HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries…
CVE-2025-52645 — CVSS 1.9 (low): HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity…
CVE-2025-55250 — CVSS 1.8 (low): HCL AION version 2 is affected by a Technical Error Disclosure vulnerability. This can expose sensitive technical details, potentially…
CVE-2025-52636 — CVSS 1.8 (low): HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may…
CVE-2025-52649 — CVSS 1.8 (low): HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an…