Lucene search
+L

10 matches found

Vulnrichment
Vulnrichment
added 2026/04/29 8:30 a.m.6 views

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS5.2AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 8:30 a.m.34 views

CVE-2026-42517 Cryptographic Failure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to the use of reversible Base64 encoding for protecting sensitive data. An authenticated attacker could exploit this vulnerability by decoding and manipulating Base64-encoded parameters in the request URL to gain unauthorized access to sensitive...

7.1CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 8:26 a.m.36 views

CVE-2026-42516 Broken Access Control Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

7.1CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 8:22 a.m.15 views

CVE-2026-42515

CVE-2026-42515 is an IDOR vulnerability in the e-Sushrut HMIS. Improper access control in resource access validation allows an authenticated attacker to manipulate a URL parameter in the API request to gain unauthorized access to patients’ sensitive information. The CVSS 4.0 base score is 7.1 (HI...

7.1CVSS5.3AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 8:22 a.m.37 views

CVE-2026-42515 Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS0.00226EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 8:17 a.m.6 views

CVE-2026-42514 Sensitive Data Exposure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...

8.8CVSS5.5AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 8:17 a.m.18 views

CVE-2026-42514

CVE-2026-42514 affects e-Sushrut HMIS. The issue is exposure of OTPs in plaintext within API responses, enabling a remote attacker to intercept responses containing valid OTPs. If exploited, an attacker could impersonate a target user and gain unauthorized access to user accounts. Metrics indicat...

8.8CVSS5.5AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 8:17 a.m.39 views

CVE-2026-42514 Sensitive Data Exposure Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...

8.8CVSS0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 8:13 a.m.27 views

CVE-2026-42513

CVE-2026-42513 affects e-Sushrut HMIS. The vulnerability stems from improper authentication logic that relies on client-side response parameters to determine login status, enabling a remote attacker to intercept and modify server responses to bypass authentication and gain unauthorized access to ...

8.8CVSS5.6AI score0.00482EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 8:13 a.m.41 views

CVE-2026-42513 Authentication Bypass Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS0.00482EPSS
Exploits0References1
Rows per page
Query Builder