247 matches found
EUVD-2025-200322
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940 Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940 Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...
PT-2025-48777
Name of the Vulnerable Software and Affected Versions NMIS/BioDose versions prior to V22.02 Description NMIS/BioDose versions prior to V22.02 utilize a shared SQL Server user account for database access. Client application user access is controlled by password authentication within the client...
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
Just like the 2000s Flip phones grew popular, Windows XP debuted on personal computers, Apple introduced the iPod, peer-to-peer file sharing via torrents was taking off, and MSN Messenger dominated online chat. That was the tech scene in 2001, the same year when Sir Dystic of Cult of the Dead Cow...
CVE-2025-36361 IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization...
CVE-2025-36361 IBM App Connect Enterprise runtime is vulnerable to a lack of authorization on windows environments using IWA
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization...
CVE-2025-59275
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
CVE-2025-59277
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
CVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
EUVD-2025-34270
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
EUVD-2025-34271
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
EUVD-2025-34364
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally...
EUVD-2025-34369
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
CVE-2025-59284
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally...
CVE-2025-59278
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...
CVE-2025-59277
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...