CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

87 matches found

RedhatCVE•added 2026/03/05 1:57 a.m.•5 views

CVE-2026-24898

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS6AI score0.00081EPSS

Exploits1References1

CNNVD•added 2026/03/03 12:0 a.m.•2 views

OpenEMR 授权问题漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained vulnerabilities...

10CVSS5.8AI score0.00081EPSS

Exploits1References2

RedhatCVE•added 2025/12/18 6:43 a.m.•3 views

CVE-2025-14817

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...

6.5CVSS6.9AI score0.00033EPSS

Exploits0References1

OSV•added 2025/12/17 7:15 a.m.•2 views

CVE-2025-14817

6.5CVSS5.7AI score0.00033EPSS

Exploits0References2

CVE•added 2025/12/17 6:20 a.m.•5 views

CVE-2025-14817

The CVE-2025-14817 entry affects the com.transsion.tranfacmode.entrance.main.MainActivity component in TECNO devices (e.g., Pova6 Pro 5G). The vulnerability arises from missing permission controls, allowing third-party apps to craft intents that directly open adb debugging functionality without u...

6.5CVSS6.5AI score0.00033EPSS

Exploits0References2Affected Software1

The Hacker News•added 2025/12/08 11:58 a.m.•4 views

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...

7.1AI score

Exploits0

Github Security Blog•added 2025/12/02 12:38 a.m.•4 views

fastify-reply-from affected by bypass of reply forwarding

Summary By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. Details An attacker can bypass the route defined by the @fastify/reply-from package by adding a .. symbol, which, for curl...

6.9CVSS6.8AI score0.00033EPSS

Exploits0References4Affected Software1