These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-59868 is a sensitive data exposure vulnerability in HCL Traveler for Microsoft Outlook (HTMO). An attacker could exploit application information to then attempt additional attacks and cause unknown behavior in the application. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The CVE was published on June 27, 2026, and modified on June 29, 2026. Evidence is limited; further anal [truncated]
CVE-2023-37524 is a high-severity vulnerability in HCL Traveler for Microsoft Outlook (HTMO) caused by its reliance on the outdated .NET Framework 4.5. This framework has reached end-of-life and no longer receives security updates, potentially exposing HTMO to known security weaknesses through vulnerable third-party components. The vulnerability has a CVSS score of 7.7 and is considered high severity. HCL [truncated]
CVE-2024-23581 is a medium-severity vulnerability (CVSS score of 6.7) affecting HCL Traveler for Microsoft Outlook. The vulnerability was published on June 26, 2026, and last modified on June 29, 2026. The CVE record and NVD detail pages provide information on this vulnerability. According to the HCL Software support page, the issue involves libraries being flagged as potentially malicious software or an [truncated]
CVE-2025-15619 is a broken access control vulnerability in HCL Connections that may allow an unauthorized user to view data in a single specific scenario. The vulnerability has a CVSS score of 3.5 and a severity of LOW. The CVE was published on 2026-06-23T16:16:58.393Z and last modified on 2026-06-25T20:20:44.730Z. The vendor, HCL Software, has provided a reference for this vulnerability. However, details [truncated]
CVE-2026-21768 is a medium-severity vulnerability (CVSS score of 6.3) affecting the compose-rich-editor library (version 1.0.0-rc14) used in HCL Verse for Android's rich text email composition. The library fails to properly validate all HTML input, allowing malicious content to be executed in certain situations. This issue primarily impacts Android users of HCL Verse who engage with rich text emails. The [truncated]
CVE-2026-21837 is an OS command injection vulnerability in HCL Digital Experience's Digital Asset Management API. An attacker could execute arbitrary OS commands, potentially leading to a complete system takeover and data compromise. The vulnerability has a CVSS score of 8.7 and is considered HIGH severity.
CVE-2026-21826 is a medium-severity vulnerability affecting HCL Digital Experience and HCL Digital Experience Compose. The vulnerability is caused by a Host header injection issue, which allows an attacker to manipulate the Host header and cause the application to behave in unexpected ways. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 6.1. The vulnerability was published [truncated]
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
CVE-2025-62338 is a low-severity vulnerability in HCL BigFix Cloud Lifecycle Management. The issue is caused by a lack of input validation, which could allow unauthorized access and potentially lead to information exposure. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 3.3, indicating a low severity. The vulnerability was published on [cvePublishedAt](https://www.cve.org/C [truncated]
A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources. The vulnerability was published on 2026-05-27 with a CVSS 3.1 score of 4.0 (MEDIUM severity). The attack vector is network-based with high attack [truncated]
CVE-2026-21836 describes a broken access control issue in the HCL DominoIQ RAG feature. Under certain circumstances, document-level access restrictions can be ignored when the AI query engine decides what data to return, which could allow an authenticated attacker to see sensitive information. The issue was published on 2026-05-20 and is rated CVSS 6.5 (Medium) with confidentiality impact only. The availa [truncated]
A broken access control vulnerability in HCL Connections may allow unauthorized users to update data under certain conditions. The vulnerability is classified as CWE-863 (Incorrect Authorization) and carries a CVSS 3.1 score of 4.6 (Medium severity). The attack vector is network-based with low attack complexity, requiring low privileges and user interaction. The vulnerability was published to the NVD on 2 [truncated]