725 matches found
WordPress KiviCare <2.3.9 - SQL Injection
WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajaxpost AJAX action with the getdoctordetails route. An attacker can possibly obtain sensitive information, modify...
EUVD-2026-43127
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
WordPress KiviCare plugin <= 4.5.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by PRISM - Wordfence in WordPress Plugin KiviCare versions = 4.5.0...
CVE-2026-42735
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
EUVD-2026-32187
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
PT-2026-43647
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...
CVE-2026-8033
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8032
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
EUVD-2026-28203
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-8033 PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...
CVE-2026-8031
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...
CVE-2026-8032
CVE-2026-8032 affects PicoTronica e-Clinic Healthcare System ECHS (v5.7). In echs.js (path: /cdemos/echs/priv/echs.js), an argument manipulation of ADMIN_KEY leads to hard-coded credentials exposed in the remote-access component. The issue enables remote exploitation with a published exploit; imp...
CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-8031
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...
CVE-2026-8031 PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...
PT-2026-38225
Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description An issue in the Response Header Handler component within the file '/cdemos/echs/api/v2/' allows for remote information disclosure. Recommendations Upgrade to version 5.7.1...
PicoTronica e-Clinic Healthcare System ECHS 安全漏洞
PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains a security vulnerability. This vulnerability stems from an issue with the parameter ADMINKEY in t...
PicoTronica e-Clinic Healthcare System ECHS 授权问题漏洞
PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains an authorization vulnerability. This vulnerability stems from an unknown function in the API...
PT-2026-38216
Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description A missing authentication flaw exists in the API Endpoint component within the file '/cdemos/echs/api/v2/patient-records'. This issue allows a remote attacker to bypass...