7.1

CVSS4.0

CVE-2025-58402 - Insecure Direct Object Reference Message ID

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users.

📅 Published: March 2, 2026, 11:16 a.m. 🔄 Last Modified: March 2, 2026, 11:16 a.m.

6.9

CVSS4.0

CVE-2025-30062 - SQL injection in CheckUnitCodeAndKey.pl

In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.

📅 Published: March 2, 2026, 11:16 a.m. 🔄 Last Modified: March 2, 2026, 11:16 a.m.

9.4

CVSS4.0

CVE-2025-30044 - RCE on uhcapache user permissions

In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.

📅 Published: March 2, 2026, 11:15 a.m. 🔄 Last Modified: March 2, 2026, 11:15 a.m.

9

CVSS4.0

CVE-2025-30042 - Session generation possible with certificate number only

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication, rega…

📅 Published: March 2, 2026, 11:14 a.m. 🔄 Last Modified: March 2, 2026, 11:14 a.m.

9

CVSS4.0

CVE-2025-30035 - Lack of API authentication allowing session generation for any user

The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any other credentials. Obtaining a session ID is sufficient for session takeover and grants access to the s…

📅 Published: March 2, 2026, 11:14 a.m. 🔄 Last Modified: March 2, 2026, 11:14 a.m.

6.1

CVSS3.1

CVE-2026-3442 - binutils: GNU Binutils: Information disclosure or denial of service via out-of-bounds read in bfd l…

No description is available for this CVE.

📅 Published: March 2, 2026, 11:11 a.m. 🔄 Last Modified: March 2, 2026, 11:11 a.m.

6.1

CVSS3.1

CVE-2026-3441 - binutils: GNU Binutils: Information disclosure via specially crafted XCOFF object file

No description is available for this CVE.

📅 Published: March 2, 2026, 11:11 a.m. 🔄 Last Modified: March 2, 2026, 11:11 a.m.

8.8

CVSS4.0

CVE-2025-10350 - SQL injection in CGM NETRAAD

An SQL injection vulnerability in the "imageserver" module, triggered when processing C-FIND queries in CGM NETRAAD software, allows an attacker connected to the PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with the imageserver module in versions before 7.9.0.

📅 Published: March 2, 2026, 11:09 a.m. 🔄 Last Modified: March 2, 2026, 11:09 a.m.

9.3

CVSS4.0

CVE-2026-2584 - SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absen…

📅 Published: March 2, 2026, 9:01 a.m. 🔄 Last Modified: March 2, 2026, 9:16 a.m.

0.0

CVE-2026-20416 -

In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.

📅 Published: March 2, 2026, 8:39 a.m. 🔄 Last Modified: March 2, 2026, 9:16 a.m.