Domino Leap CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-27562	1 Hcltech	1 Domino Leap	2025-10-30	4.6 Medium
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications.
CVE-2022-42449	1 Hcltech	1 Domino Leap	2025-10-30	4.6 Medium
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications
CVE-2022-42450	1 Hcltech	1 Domino Leap	2025-10-30	4.6 Medium
Improper sanitization of SVG files in HCL Domino Volt allows client-side script injection in deployed applications.
CVE-2023-37517	1 Hcltech	1 Domino Leap	2025-10-30	3.2 Low
Missing "no cache" headers in HCL Leap permits sensitive data to be cached.
CVE-2023-37535	1 Hcltech	1 Domino Leap	2025-10-30	7.1 High
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters.

Page 1 of 1.