CVE-2026-20445 - MDDP System Crash Vulnerability (Denial of Service)
CVE ID : CVE-2026-20445
Published : March 2, 2026, 9:16 a.m. | 15 minutes ago
Description : In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-20445
Published : March 2, 2026, 9:16 a.m. | 15 minutes ago
Description : In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10289875; Issue ID: MSV-5184.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2584 - SQL Injection in Ciser System SL firmware
CVE ID : CVE-2026-2584
Published : March 2, 2026, 9:16 a.m. | 15 minutes ago
Description : A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2584
Published : March 2, 2026, 9:16 a.m. | 15 minutes ago
Description : A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10350 - SQL injection in CGM NETRAAD
CVE ID : CVE-2025-10350
Published : March 2, 2026, 11:09 a.m. | 22 minutes ago
Description : SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10350
Published : March 2, 2026, 11:09 a.m. | 22 minutes ago
Description : SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30035 - Lack of API authentication allowing session generation for any user
CVE ID : CVE-2025-30035
Published : March 2, 2026, 11:14 a.m. | 18 minutes ago
Description : The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30035
Published : March 2, 2026, 11:14 a.m. | 18 minutes ago
Description : The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the system with the privileges of the targeted user.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30042 - Session generation possible with certificate number only
CVE ID : CVE-2025-30042
Published : March 2, 2026, 11:14 a.m. | 17 minutes ago
Description : The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30042
Published : March 2, 2026, 11:14 a.m. | 17 minutes ago
Description : The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, regardless of the actual presence of the smart card or ownership of the private key.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30044 - RCE on uhcapache user permissions
CVE ID : CVE-2025-30044
Published : March 2, 2026, 11:15 a.m. | 16 minutes ago
Description : In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30044
Published : March 2, 2026, 11:15 a.m. | 16 minutes ago
Description : In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-30062 - SQL injection in CheckUnitCodeAndKey.pl
CVE ID : CVE-2025-30062
Published : March 2, 2026, 11:16 a.m. | 16 minutes ago
Description : In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-30062
Published : March 2, 2026, 11:16 a.m. | 16 minutes ago
Description : In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58402 - Insecure Direct Object Reference Message ID
CVE ID : CVE-2025-58402
Published : March 2, 2026, 11:16 a.m. | 16 minutes ago
Description : The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58402
Published : March 2, 2026, 11:16 a.m. | 16 minutes ago
Description : The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58405 - Lack of protection mechanisms against Clickjacking attacks
CVE ID : CVE-2025-58405
Published : March 2, 2026, 11:16 a.m. | 15 minutes ago
Description : The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58405
Published : March 2, 2026, 11:16 a.m. | 15 minutes ago
Description : The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker can embed the application inside a maliciously crafted IFRAME and trick users into performing unintended actions, including potentially bypassing CSRF/XSRF defenses.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58406 - Lack of HTTP Response Headers
CVE ID : CVE-2025-58406
Published : March 2, 2026, 11:16 a.m. | 15 minutes ago
Description : The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58406
Published : March 2, 2026, 11:16 a.m. | 15 minutes ago
Description : The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport security controls.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12462 - Blind SQL Injection in DobryCMS
CVE ID : CVE-2025-12462
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection. This issue was fixed in versions above 8.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12462
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection. This issue was fixed in versions above 8.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14532 - Remote Code Execution via Unrestricted File Upload in DobryCMS
CVE ID : CVE-2025-14532
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-14532
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was fixed in versions above 5.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3431 - Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion
CVE ID : CVE-2026-3431
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3431
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3432 - Sim Studio AI - Unauthenticated OAuth Token Theft
CVE ID : CVE-2026-3432
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing credentials to third-party services.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-3432
Published : March 2, 2026, 1:16 p.m. | 17 minutes ago
Description : On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing credentials to third-party services.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47381 - Use After Free in Automotive Audio
CVE ID : CVE-2025-47381
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47381
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47383 - Missing Cryptographic Step in Data Modem
CVE ID : CVE-2025-47383
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47383
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47384 - Reachable Assertion in FW
CVE ID : CVE-2025-47384
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Transient DOS when MAC configures config id greater than supported maximum value.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47384
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Transient DOS when MAC configures config id greater than supported maximum value.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47385 - Improper Access Control for Register Interface in SCE-Mink
CVE ID : CVE-2025-47385
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption when accessing trusted execution environment without proper privilege check.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47385
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption when accessing trusted execution environment without proper privilege check.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47386 - Use After Free in Automotive Audio
CVE ID : CVE-2025-47386
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47386
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59600 - Buffer Over-read in Graphics
CVE ID : CVE-2025-59600
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption when adding user-supplied data without checking available buffer space.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59600
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption when adding user-supplied data without checking available buffer space.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59603 - Out-of-bounds Write in Computer Vision
CVE ID : CVE-2025-59603
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption when processing invalid user address with nonstandard buffer address.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59603
Published : March 2, 2026, 5:16 p.m. | 18 minutes ago
Description : Memory Corruption when processing invalid user address with nonstandard buffer address.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...