
8 matches found

RedhatCVE
added 2026/06/05 7:18 p.m. | 6 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient...

8.1 CVSS | 5.5 AI score | 0.00138 EPSS
Exploits: 0 | References: 1
NVD
added 2026/05/26 10:16 p.m. | 13 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient...

8.1 CVSS | 0.00138 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/26 9:3 p.m. | 9 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient...

8.1 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/05/26 9:3 p.m. | 15 views

CVE-2026-45574

The CVE affects the epa4all-client Java library (for epa4all / ePA 3.0). Before version 1.2.2, a network-path attacker could present any TLS certificate (self-signed/expired/wrong CN) and intercept SOAP traffic, exposing KVNRs, SMC-B authentication/signing, document content, and credential exchan...

8.1 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 2
OSV
added 2026/05/15 6:29 p.m. | 6 views

GHSA-5HHF-XMFX-4VVR epa4all-client: TLS Certificate Validation Disabled in Production

Impact: An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept all SOAP traffic. This includes patient identifiers (KVNR), SMC-B card operations (authentication, signing), document content, and credential...

8.1 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/02/27 12:0 a.m. | 4 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

7.1 CVSS | 5.8 AI score | 0.0022 EPSS
Exploits: 1 | References: 3
Rapid7 Blog
added 2026/02/25 4:21 p.m. | 9 views

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Hospitals invest heavily in physical security: Clinical areas are access-controlled, sensitive rooms are locked, and patient records are governed by strict handling procedures. Network exposure does not always receive the same level of scrutiny. Rapid7 Labs identified more than 30 UK-based system...

5.6 AI score
Exploits: 0
CNNVD
added 2026/02/25 12:0 a.m. | 3 views

OpenEMR SQL Injection Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a SQL injection...

8.8 CVSS | 6.8 AI score | 0.00779 EPSS
Exploits: 1 | References: 2