Lucene search
K

1362 matches found

Nuclei
Nuclei
added 17 hours ago134 views

NextGen Mirth Connect - Remote Code Execution

Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability id: CVE-2023-37679 info: name: NextGen Mirth Connect - Remote Code Execution...

9.8CVSS7.5AI score0.96129EPSS
Exploits22References5
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210254

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/05/20 3:33 p.m.31 views

Fake malware-signing service Fox Tempest dismantled by Microsoft

Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/20 2:36 p.m.33 views

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/05/19 3:56 p.m.14 views

Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

5.7AI score
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.16 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.8 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.11 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 8:16 p.m.11 views

CVE-2026-8032

A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...

7.5CVSS0.00284EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 7:30 p.m.26 views

CVE-2026-8033

PicoTronica e-Clinic Healthcare System ECHS version 5.7 contains a vulnerability in the Response Header Handler component, specifically affecting the file /cdemos/echs/api/v2/. The issue allows information disclosure due to manipulation of the response headers. Exploitation is described as possib...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References4
CVE
CVE
added 2026/05/06 7:0 p.m.12 views

CVE-2026-8032

CVE-2026-8032 affects PicoTronica e-Clinic Healthcare System ECHS (v5.7). In echs.js (path: /cdemos/echs/priv/echs.js), an argument manipulation of ADMIN_KEY leads to hard-coded credentials exposed in the remote-access component. The issue enables remote exploitation with a published exploit; imp...

7.5CVSS6.8AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38216

Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description A missing authentication flaw exists in the API Endpoint component within the file '/cdemos/echs/api/v2/patient-records'. This issue allows a remote attacker to bypass...

6.9CVSS6.1AI score0.00394EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.12 views

PicoTronica e-Clinic Healthcare System ECHS 信息泄露漏洞

PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains a vulnerability related to information leakage. This vulnerability stems from an unknown function...

6.9CVSS6AI score0.00292EPSS
Exploits0References2
HackRead
HackRead
added 2026/05/05 1:30 p.m.36 views

LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations

Cambridge, MA, 5th May 2026, CyberNewswire...

5.8AI score
Exploits0
hivepro
hivepro
added 2026/05/04 4:7 p.m.8 views

Why VM Programs Suck

& From the Trenches This is the conversation I have with VM leads every week. It usually starts at minute thirty of a discovery call, after the official agenda is over and the Zoom faces relax. Someone says "can I be honest with you for a second?" — and then I get the list. Same complaints...

5.6AI score
Exploits0
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.13 views

Data Sharing Framework 安全漏洞

Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained security vulnerabilities, which were caused by the incorrect use of reverse time comparison logic in the OIDC and...

6.3CVSS5.8AI score0.00291EPSS
Exploits0References1
HackRead
HackRead
added 2026/04/08 2:19 p.m.8 views

Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure

Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/07 6:35 a.m.19 views

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...

10CVSS7.4AI score0.99999EPSS
Exploits133
Microsoft Secure
Microsoft Secure
added 2026/04/06 4:0 p.m.20 views

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

In this article 1. Storm-1175’s rapid attack chain: From initial access to impact 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...

10CVSS7.4AI score0.99999EPSS
Exploits162
Akamai Blog
Akamai Blog
added 2026/04/02 12:0 p.m.5 views

Compliance Won’t Save Healthcare: Reducing the Blast Radius Will

...

5.8AI score
Exploits0
Rows per page
Query Builder