12 matches found
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
CVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
EUVD-2025-203025
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...
PT-2025-50879
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
DesDev DedeCMS 代码问题漏洞
DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Zhuozhuo DesDev. The system has features such as content publishing, content management, content editing and content retrieval. A code issue vulnerability exists in DesDev...
CVE-2024-2465
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1...
PT-2024-20485 · Cdex · Cdex
Name of the Vulnerable Software and Affected Versions: CDeX application versions through 5.7.1 Description: The issue is related to a weak password recovery mechanism in the CDeX application, which allows the retrieval of a password reset token. Recommendations: For versions through 5.7.1, update...
SOGo 安全漏洞
SOGo is a very fast and scalable modern collaboration suite. It provides calendaring, address book management and a full-featured Webmail client as well as resource sharing and permission handling. A security vulnerability exists in SOGo 5.7.1 and earlier versions, which stems from the manipulati...
UBUNTU-CVE-2022-31151
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
DEBIAN-CVE-2022-31150
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...
PT-2021-12647 · Mcafee · Mcafee Agent
Name of the Vulnerable Software and Affected Versions: McAfee Agent MA for Windows versions prior to 5.7.1 Description: The issue allows local users to block product updates by manipulating a directory used for temporary files, resulting in the product continuing to function with out-of-date...