267 matches found

Nuclei
added 16 hours ago | 46 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

CVSS 9.8 | AI score 7.4 | EPSS 0.06319
Exploits: 1 | References: 4

Nuclei
added 16 hours ago | 33 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

CVSS 9.8 | AI score 7.4 | EPSS 0.04426
Exploits: 1 | References: 5

Nuclei
added 2 days ago | 34 views

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

CVSS 7.2 | AI score 7.2 | EPSS 0.03673
Exploits: 1 | References: 5

CVE
added 6 days ago | 22 views

CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

CVSS 9.8 | AI score 5.8 | EPSS 0.00587
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/26 3:18 p.m. | 4 views

CVE-2026-25819

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

CVSS 7.5 | AI score 5.8 | EPSS 0.00483
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/26 3:18 p.m. | 3 views

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

CVSS 8.8 | AI score 6.6 | EPSS 0.00792
Exploits: 0 | References: 1

EUVD
added 2026/03/13 9:31 p.m. | 4 views

EUVD-2026-11715

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution...

CVSS 9.8 | AI score 6.1 | EPSS 0.00725
Exploits: 0 | References: 3

EUVD
added 2026/03/13 9:31 p.m. | 3 views

EUVD-2026-11713

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

CVSS 7.5 | AI score 5.8 | EPSS 0.00483
Exploits: 0 | References: 3

EUVD
added 2026/03/13 9:31 p.m. | 6 views

EUVD-2026-11709

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

CVSS 8.8 | AI score 6.4 | EPSS 0.00792
Exploits: 0 | References: 3

NVD
added 2026/03/13 7:54 p.m. | 5 views

CVE-2026-25818

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption...

CVSS 9.1 | EPSS 0.00143
Exploits: 0 | References: 2

NVD
added 2026/03/13 7:54 p.m. | 5 views

CVE-2026-25819

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

CVSS 7.5 | EPSS 0.00483
Exploits: 0 | References: 2

CNNVD
added 2026/03/13 12:0 a.m. | 3 views

HMS Cosy+ and HMS Ewon Flexy Security Vulnerability

HMS Cosy+ and HMS Ewon Flexy are both products from the Swedish company HMS. HMS Cosy+ is an application for industrial remote access. HMS Ewon Flexy is a remote access gateway device. Both HMS Cosy+ and HMS Ewon Flexy have security vulnerabilities, which stem from improper handling of specially...

CVSS 7.5 | AI score 5.9 | EPSS 0.00483
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/12 12:0 a.m. | 2 views

CVE-2026-25823

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution...

AI score 6.1 | EPSS 0.00725
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/12 12:0 a.m. | 3 views

CVE-2026-25819

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service by using a specially crafted HTTP request that leads to a reboot of the device, provided they hav...

AI score 5.8 | EPSS 0.00483
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/12 12:0 a.m. | 2 views

CVE-2026-25823

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service, which can also be exploited to achieve Unauthenticated Remote Code Execution...

AI score 6 | EPSS 0.00725
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/12 12:0 a.m. | 6 views

PT-2026-25079

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an encryption...

CVSS 9.1 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 6

ATTACKERKB
added 2026/03/12 12:0 a.m. | 5 views

CVE-2026-25817

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

AI score 6.4 | EPSS 0.00792
Exploits: 0 | References: 3

CVE
added 2026/03/12 12:0 a.m. | 6 views

CVE-2026-25818

Affected devices: HMS Networks Ewon Flexy (firmware before 15.0s4) and Cosy+ (firmware 22.xx before 22.1s6 and 23.xx before 23.0s3). What’s affected: authentication cookies with weak entropy used to secure sessions. Root cause: weak entropy enables an attacker possessing a stolen session cookie t...

CVSS 9.1 | AI score 5.8 | EPSS 0.00143
Exploits: 0 | References: 2

CVE
added 2026/03/12 12:0 a.m. | 8 views

CVE-2026-25817

CVE-2026-25817 affects HMS Networks Ewon Flexy and Cosy+ devices. The root cause is improper neutralization of special elements used in OS commands, enabling remote code execution when an attacker has credentials and low privileges on the gateway. Affected firmware: Flexy before 15.0s4; Cosy+ bef...

CVSS 8.8 | AI score 6.4 | EPSS 0.00792
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 11:26 a.m. | 5 views

CVE-2021-33214

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...

CVSS 6.1 | AI score 6.5 | EPSS 0.00649
Exploits: 1 | References: 1