Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/05/20 7:57 p.m.10 views

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

9.1CVSS5.8AI score0.00545EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 4:16 p.m.19 views

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

9.1CVSS0.00545EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:0 a.m.9 views

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

5.8AI score0.00545EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.9 views

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

5.8AI score0.00545EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 12:0 a.m.23 views

CVE-2026-31071

CVE-2026-31071 affects LalanaChami Pharmacy Management System (version 5c3d028). The API endpoints lacking authentication middleware are "/api/user/getUserData" and "/api/doctorOder", enabling unauthenticated remote attackers to dump all user records (including bcrypt password hashes), modify dru...

9.1CVSS5.8AI score0.00545EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.45 views

CVE-2026-31071

API endpoints in LalanaChami Pharmacy Management System commit 5c3d028 lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records including bcrypt password hashes via /api/user/getUserData, modify drug inventory, and access private medical...

0.00545EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-41944

Name of the Vulnerable Software and Affected Versions LalanaChami Pharmacy Management System version 5c3d028 Description Certain API endpoints lack authentication middleware, allowing unauthenticated remote attackers to access sensitive data and perform unauthorized actions. Specifically, the...

9.1CVSS5.8AI score0.00545EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:53 p.m.4 views

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/03/08 1:15 a.m.2 views

CVE-2024-2276

A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venuecontroller/editvenue/ of the component Edit Venue Page. The manipulation of the argument...

6.1CVSS3.7AI score0.00488EPSS
Exploits1References3
Akamai Blog
Akamai Blog
added 2021/05/21 4:0 a.m.18 views

Digital Transformation Usain Bolt-Style: Health Care's Sprint to Modernization

In the present age, patients now use smartphone apps to schedule doctor's visits, contact insurance companies, and get prescriptions instead of picking up the phone...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2016/05/30 5:50 p.m.22 views

drchrono: User with no permissions can create, edit, delete favorite prescriptions /erx/

Hi All, I believe I've found a vulnerability with regards to creating, editing and deleting favorite prescriptions. Description I have a doctor's organization with a staff member who has no permissions. If I visit https://1337test.drchrono.com/erx/ I get permission denied. However, I can create,...

6.9AI score
Exploits0
Rows per page
Query Builder