15 matches found
SEPPmail Secure Email Gateway Security Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of S/MIME encrypted MIME entities for...
CVE-2026-4649
A flaw was found in Apache Artemis and KNIME Business Hub. A user with normal privileges and the ability to execute workflows in an executor can exploit an authentication bypass vulnerability. This allows the user to install and register a federated mirror without authentication to the original...
CVE-2026-4649
Summary: CVE-2026-4649 describes an authentication bypass in Apache Artemis prior to 2.52.0, enabling reading all messages and injecting new messages. KNIME Business Hub uses Artemis, so it is affected, though Artemis is not exposed publicly; an attacker would need at least normal user privileges...
PT-2026-27354
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new messages (CVE-2026-27446, https://www.cve.org/CVERecord). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue...
CVE-2026-25220
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
CVE-2026-25220
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
CVE-2026-25220
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
EUVD-2026-8705
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
CVE-2026-25220 OpenEMR Messages "Show All" Not Restricted to Admins
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
CVE-2026-25220 OpenEMR Messages "Show All" Not Restricted to Admins
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter showall=yes and passes it to getPnotesByUser, which returns all internal messages (all users’ notes). The backend does not...
CVE-2026-25220
The CVE describes an access control flaw in OpenEMR prior to version 8.0.0 where the Message Center accepts the URL parameter show_all=yes and passes it to getPnotesByUser() without verifying admin rights. A non-admin, authenticated user could view the entire internal messages list by requesting ...
PT-2026-21976
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center does not verify administrator privileges when handling the show all=yes...
CVE-2024-6598 Denial-of-service on KNIME Business Hub when certain jobs are executed
A denial-of-service attack is possible through the execution functionality of KNIME Business Hub 1.10.0 and 1.10.1. It allows an authenticated attacker with job execution privileges to execute a job that causes internal messages to pile up until there are no more resources available for processin...
Huawei ESE620X vESS buffer overflow vulnerability
Huawei ESE620X vESS is a virtual enterprise service controller from Huawei, China. A security vulnerability exists in ESE620X vESS, which is caused by an out-of-bounds read in a function that handles internal messages. An attacker could use this vulnerability to send a constructed exception messa...
Unspecified Vulnerability in Sylius
Sylius is an open source e-commerce platform based on the Symfony framework. A security vulnerability exists in Sylius that can be exploited by an attacker to view internal system messages...