24 matches found
CVE-2026-24896
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...
CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...
CVE-2024-55374
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts...
ClinCapture EDC 安全漏洞
ClinCapture EDC is a clinical trial data capture system from ClinCapture, Inc. A security vulnerability exists in ClinCapture EDC versions 3.0 and 2.2.3, which originates in reflective cross-site scripting and could lead to the execution of JavaScript code by an unauthenticated, remote attacker i...
CVE-2025-65270
CVE-2025-65270 is a reflected XSS vulnerability in ClinCapture EDC versions 2.2.3 and 3.0, allowing an unauthenticated remote attacker to execute JavaScript in the victim’s browser. Root cause involves reflective XSS in ClinCapture EDC. Impact is context of the victim’s browser with low confident...
EUVD-2022-29618
Malicious code in bioql PyPI...
EUVD-2022-29617
Malicious code in bioql PyPI...
CVE-2025-7426
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of...
CVE-2025-7426 MINOVA TTA Information Disclosure and Credential Exposure
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of...
PT-2025-34601 · Unknown · Minova Tta
Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...
CVE-2022-24830
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
CVE-2022-24831
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has...
PT-2025-4828 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting XSS issue allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey and clicks on the field name, it triggers...
Path traversal
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
CVE-2022-24830 Path Traversal in OpenClinica
OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...
Cleo LexiCom 路径遍历漏洞
Cleo LexiCom is an integrated platform from Cleo, Inc. Accelerate EDI automation, speed trade partner on-boarding and easily resolve EDI issues. A path traversal vulnerability exists in Cleo LexiCom 5.5.0.0, which originates in an AS2 message where the sender can specify a filename that can conta...
Information Disclosure Vulnerability in MessageSolution's Enterprise Email Archive Management System EEA
MessageSolution is a series of unstructured data archiving products such as email archiving, mail archiving, document archiving, SharePoint archiving and backup management, Domino document archiving, and mail archiving system SME edition can help users manage their emails and electronic data...
CVE-2020-12005
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 an...
Data governance and retention in your Microsoft 365 tenant—a secure and highly capable solution
Data governance has relied on transferring data to a third-party for hosting an archive service. Emails, documents, chat logs, and third-party data Bloomberg, Facebook, LinkedIn, etc. must be saved in a way that it can’t be changed and won’t be lost. Data governance is part of IT at the enterpris...
Massive Database from Tango messenger server hacked by Syrian Electronic Army
Syrian Electronic Army SEA, hacking group known for cyber attacks against the anti-Syrian websites, has claimed that it has hacked the website of messaging application, Tango tango.me, that includes hundreds of millions of electronic and voice data over the Internet. Hacker group tweeted a messag...