Lucene search
K

50 matches found

OSV
OSV
added 3 days ago7 views

ROOT-OS-UBUNTU-2404-CVE-2025-71192 CVE-2025-71192 in rootio-linux - Patched by Root

Root has patched CVE-2025-71192 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.4AI score0.00156EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.12 views

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.11 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 8:16 p.m.13 views

CVE-2026-8033

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

6.9CVSS0.00292EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 8:16 p.m.11 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 7:30 p.m.8 views

CVE-2026-8033 PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure

A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit ha...

6.9CVSS5.2AI score0.00292EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 7:0 p.m.8 views

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 7:0 p.m.29 views

CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:0 p.m.6 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/06 7:0 p.m.11 views

CVE-2026-8032

CVE-2026-8032 affects PicoTronica e-Clinic Healthcare System ECHS (v5.7). In echs.js (path: /cdemos/echs/priv/echs.js), an argument manipulation of ADMIN_KEY leads to hard-coded credentials exposed in the remote-access component. The issue enables remote exploitation with a published exploit; imp...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/06 6:0 p.m.9 views

CVE-2026-8031 PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication

A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The...

6.9CVSS5.8AI score0.00394EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.6 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS6.1AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.5 views

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

5.1CVSS6.8AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 5:3 a.m.4 views

CVE-2025-66284

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

5.4CVSS6AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2025/12/12 5:16 a.m.4 views

CVE-2025-66284

Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...

4.8CVSS5.7AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 2025/12/12 5:16 a.m.9 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 5:16 a.m.6 views

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

5.1CVSS5.8AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 5:2 a.m.28 views

CVE-2025-64781

In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1, "External page display restriction" is set to "Do not limit" in the initial configuration. With this configuration, the user may be redirected to an arbitrary website...

5.1CVSS0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/12 5:2 a.m.3 views

CVE-2025-65120

Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...

6.1CVSS5.7AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2025/12/12 5:2 a.m.13 views

CVE-2025-65120

CVE-2025-65120 is a reflected cross-site scripting vulnerability affecting GroupSession products: Free edition prior to 5.7.1, byCloud prior to 5.7.1, and ZION prior to 5.7.1. The issue allows an arbitrary script to execute in a user’s browser when a crafted page or URL is visited. Root cause det...

6.1CVSS5.7AI score0.00168EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder