HCL Aftermarket DPC
17 CVEs affecting HCL Aftermarket DPC. Latest disclosed: 2026-03-26. Critical: 0, High: 3.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-55262 | High | 8.3 | 2026-03-26 | HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database. |
| CVE-2025-55261 | High | 8.1 | 2026-03-26 | HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the applicat… |
| CVE-2025-55263 | High | 7.3 | 2026-03-26 | HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories… |
| CVE-2025-55265 | Medium | 6.5 | 2026-03-26 | HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it t… |
| CVE-2025-55266 | Medium | 5.9 | 2026-03-26 | HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf o… |
| CVE-2025-55267 | Medium | 5.7 | 2026-03-26 | HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over t… |
| CVE-2025-55264 | Medium | 5.5 | 2026-03-26 | HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control… |
| CVE-2025-55268 | Medium | 4.3 | 2026-03-26 | HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources… |
| CVE-2025-55273 | Medium | 4.3 | 2026-03-26 | HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the con… |
| CVE-2025-55269 | Medium | 4.2 | 2026-03-26 | HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force technique… |
| CVE-2025-55275 | Low | 3.7 | 2026-03-26 | HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an… |
| CVE-2025-55270 | Low | 3.5 | 2026-03-26 | HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Inje… |
| CVE-2025-55271 | Low | 3.1 | 2026-03-26 | HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker… |
| CVE-2025-55272 | Low | 3.1 | 2026-03-26 | HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would all… |
| CVE-2025-55276 | Low | 3.1 | 2026-03-26 | HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout. |
| CVE-2025-55274 | Low | 2.6 | 2026-03-26 | HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to a… |
| CVE-2025-55277 | Low | 2.6 | 2026-03-26 | HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the… |