Malicious code in runtime-vitals (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f5e056ef78ad47697156c0dce0819370ffc74bb450e226bfb2bf934651b5836b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2026-25744

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

CVE-2026-4640

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...

CVE-2026-4639

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

EUVD-2026-14742

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...

EUVD-2026-14740

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

CVE-2026-4640

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...

CVE-2026-4639

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

CVE-2026-4640

The CVE-2026-4640 entry concerns Vitals ESP from Galaxy Software Services, identified in multiple sources (NVD/NIST and CVE List) as a Missing Authentication vulnerability. Unauthenticated remote attackers can access certain functions to obtain sensitive information. Public metrics from TWCERT in...

CVE-2026-4640 Galaxy Software Services｜Vitals ESP - Missing Authentication

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...

CVE-2026-4640 Galaxy Software Services｜Vitals ESP - Missing Authentication

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...

CVE-2026-4639 Galaxy Software Services｜Vitals ESP - Incorrect Authorization

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

CVE-2026-4639

CVE-2026-4639 affects Vitals ESP by Galaxy Software Services. The vulnerability is described as Incorrect Authorization, enabling authenticated remote attackers to perform administrative functions and escalate privileges. The NVD/NVD-derived entries provide CVSS 4.0/3.1 values with HIGH severity ...

CVE-2026-4639

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

Galaxy Software Services Vitals ESP 安全漏洞

Galaxy Software Services Vitals ESP is an office knowledge management system developed by Galaxy Software Services. There is a security vulnerability in Galaxy Software Services Vitals ESP, which stems from improper authorization. This vulnerability could allow authenticated remote attackers to...

PT-2026-27329

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges...

PT-2026-27330

Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to execute certain functions to obtain sensitive information...

CVE-2026-25744

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

CVE-2026-25744

OpenEMR prior to 8.0.0.2 exposes a vulnerability in the encounter vitals API: it accepts an id in the request body and updates that vital without verifying ownership of the patient/encounter. An authenticated user with encounters/notes permission can overwrite another patient’s vitals, enabling m...