108 matches found

CVE
added 2026/05/06 7:30 p.m. | 3 views

CVE-2026-8033

PicoTronica e-Clinic Healthcare System ECHS version 5.7 contains a vulnerability in the Response Header Handler component, specifically affecting the file /cdemos/echs/api/v2/. The issue allows information disclosure due to manipulation of the response headers. Exploitation is described as possib...

CVSS 6.9 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/06 7:30 p.m. | 3 views

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

CVSS 6.9 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/05/06 7:16 p.m. | 1 view

CVE-2026-8031

A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...

CVSS 6.9 | EPSS 0.00074
Exploits: 0 | References: 4

CVE
added 2026/05/06 6:0 p.m. | 5 views

CVE-2026-8031

CVE-2026-8031 affects PicoTronica e-Clinic Healthcare System ECHS 5.7. The vulnerability is in the API Endpoint at /cdemos/echs/api/v2/patient-records, where missing authentication allows remote access. The issue is rooted in an unknown function of the endpoint component, enabling an attacker to ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 4

Cvelist
added 2026/05/06 6:0 p.m. | 24 views

CVE-2026-8031 PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication

A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...

CVSS 6.9 | EPSS 0.00074
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/06 12:0 a.m. | 6 views

PT-2026-38225

Name of the Vulnerable Software and Affected Versions: PicoTronica e-Clinic Healthcare System ECHS version 5.7. Description: An issue in the Response Header Handler component within the file '/cdemos/echs/api/v2/' allows for remote information disclosure. Recommendations: Upgrade to version 5.7.1...

CVSS 6.9 | AI score 6.1 | EPSS 0.00039
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/06 12:0 a.m. | 7 views

PT-2026-38224

Name of the Vulnerable Software and Affected Versions: PicoTronica e-Clinic Healthcare System ECHS version 5.7. Description: A flaw in the file /cdemos/echs/priv/echs.js allows remote attackers to exploit hard-coded credentials through the manipulation of the ADMIN KEY argument. Recommendations...

CVSS 7.5 | AI score 5.7 | EPSS 0.0005
Exploits: 0 | References: 7

OSV
added 2026/04/01 9:23 a.m. | 0 views

CLEANSTART-2026-VP44686 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61732, CVE-2025-68121 applied in versions: 5.7.1-r0, 5.7.1-r1

Multiple security vulnerabilities affect the kustomize-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10 | AI score 6.9 | EPSS 0.00046
Exploits: 1 | References: 21

ATTACKERKB
added 2026/02/20 3:47 p.m. | 4 views

CVE-2026-24949

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS. This issue affects PhotoMe: from n/a through = 5.7.1...

AI score 5.4 | EPSS 0.00045
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004160)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004160 advisory. An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if kascii is called several times in a row, aka...

CVSS 7.8 | AI score 6.8 | EPSS 0.00094
Exploits: 1 | References: 15

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004261)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004261 advisory. An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if kascii is called several times in a row, aka...

CVSS 7.8 | AI score 6.8 | EPSS 0.00094
Exploits: 1 | References: 15

RedhatCVE
added 2026/01/09 9:5 a.m. | 5 views

CVE-2024-34573

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pootlepress Pootle Pagebuilder – WordPress Page builder allows Stored XSS. This issue affects Pootle Pagebuilder – WordPress Page builder: from n/a through 5.7.1...

CVSS 6.5 | AI score 5.2 | EPSS 0.00178
Exploits: 0 | References: 1

OSV
added 2025/12/24 12:0 a.m. | 1 view

OPENSUSE-SU-2025:15845-1 podman-5.7.1-1.1 on GA media

These are all security issues fixed in the podman-5.7.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.1 | AI score 6.8 | EPSS 0.00086
Exploits: 1 | References: 2

NVD
added 2025/12/12 5:16 a.m. | 1 view

CVE-2025-66284

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 2

OSV
added 2025/12/12 5:16 a.m. | 2 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

CVSS 5.1 | AI score 5.7
Exploits: 0 | References: 2

NVD
added 2025/12/12 5:16 a.m. | 1 view

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

CVSS 5.1 | EPSS 0.00033
Exploits: 0 | References: 2

CVE
added 2025/12/12 5:2 a.m. | 6 views

CVE-2025-64781

CVE-2025-64781 affects Japan Total System GroupSession products (Free edition prior to 5.7.1, byCloud prior to 5.7.1, ZION prior to 5.7.1). The issue arises when the initial configuration sets the “External page display restriction” to Do not limit, allowing a specially crafted URL to redirect th...

CVSS 5.1 | AI score 6.5 | EPSS 0.00033
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/12/12 5:2 a.m. | 1 view

EUVD-2025-203018

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

CVSS 5.1 | AI score 6.3 | EPSS 0.00033
Exploits: 0 | References: 3

Cvelist
added 2025/12/12 5:1 a.m. | 23 views

CVE-2025-66284

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 2

CNNVD
added 2025/12/12 12:0 a.m. | 1 view

Japan Total System multiple products cross-site scripting vulnerability

Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System, Inc. A cross-site scripting vulnerability exists in various Japan Total System products, which stems from a stored cross-site scripting vulnerability that could result in...

CVSS 5.4 | AI score 5.3 | EPSS 0.00024
Exploits: 0 | References: 2