Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.12 views

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 7:0 p.m.29 views

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
NVD
NVD
added 2025/12/12 5:16 a.m.9 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 5:1 a.m.5 views

EUVD-2025-203025

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

5.4CVSS5.5AI score0.00142EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.6 views

PT-2025-50879

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/12 12:0 a.m.4 views

DesDev DedeCMS 代码问题漏洞

DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. A code issue vulnerability exists in DesDev...

9.8CVSS4.4AI score0.02476EPSS
Exploits0References5
OSV
OSV
added 2024/03/21 3:16 p.m.5 views

CVE-2024-2465

Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1...

7.1CVSS5.9AI score0.00598EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.3 views

PT-2024-20485 · Cdex · Cdex

Name of the Vulnerable Software and Affected Versions: CDeX application versions through 5.7.1 Description: The issue is related to a weak password recovery mechanism in the CDeX application, which allows the retrieval of a password reset token. Recommendations: For versions through 5.7.1, update...

8CVSS6.4AI score0.00598EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/12/16 12:0 a.m.4 views

SOGo 安全漏洞

SOGo is a very fast and scalable modern collaboration suite. It provides calendaring, address book management and a full-featured Webmail client as well as resource sharing and permission handling. A security vulnerability exists in SOGo 5.7.1 and earlier versions, which stems from the manipulati...

6.1CVSS5.9AI score0.00559EPSS
Exploits1References4
OSV
OSV
added 2022/07/21 4:15 a.m.3 views

UBUNTU-CVE-2022-31151

Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...

6.5CVSS6.5AI score0.00584EPSS
Exploits1References5
OSV
OSV
added 2022/07/19 9:15 p.m.1 views

DEBIAN-CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS6.3AI score0.01158EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/01/18 12:0 a.m.5 views

PT-2021-12647 · Mcafee · Mcafee Agent

Name of the Vulnerable Software and Affected Versions: McAfee Agent MA for Windows versions prior to 5.7.1 Description: The issue allows local users to block product updates by manipulating a directory used for temporary files, resulting in the product continuing to function with out-of-date...

5.5CVSS5.3AI score0.00354EPSS
Exploits0References6
Rows per page
Query Builder