| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-58406 | Lack of HTTP Response Headers | CGM | CGM CLININET | - | - | 2026-03-02 11:16:57 |
| CVE-2025-58405 | Lack of protection mechanisms against Clickjacking attacks | CGM | CGM CLININET | - | - | 2026-03-02 11:16:45 |
| CVE-2025-58402 | Insecure Direct Object Reference Message ID | CGM | CGM CLININET | - | - | 2026-03-02 11:16:31 |
| CVE-2025-30062 | SQL injection in CheckUnitCodeAndKey.pl | CGM | CGM CLININET | - | - | 2026-03-02 11:16:16 |
| CVE-2025-30044 | RCE on uhcapache user permissions | CGM | CGM CLININET | - | - | 2026-03-02 11:15:44 |
| CVE-2025-30042 | Session generation possible with certificate number only | CGM | CGM CLININET | - | - | 2026-03-02 11:14:47 |
| CVE-2025-30035 | Lack of API authentication allowing session generation for any user | CGM | CGM CLININET | - | - | 2026-03-02 11:14:06 |
| CVE-2025-30064 | Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key | CGM | CGM CLININET | - | - | 2025-08-27 10:25:20 |
| CVE-2025-30063 | Excessive permissions on configuration files containing database logins and passwords | CGM | CGM CLININET | - | - | 2025-08-27 10:25:03 |
| CVE-2025-30061 | SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter | CGM | CGM CLININET | - | - | 2025-08-27 10:24:56 |
| CVE-2025-30060 | SQL injection in ReturnUserUnitsXML.pl via the UserID parameter | CGM | CGM CLININET | - | - | 2025-08-27 10:24:46 |
| CVE-2025-30059 | Authenticated SQL injection in PrepareCDExportJSON.pl | CGM | CGM CLININET | - | - | 2025-08-27 10:24:27 |
| CVE-2025-30058 | SQL injection in getPatientIdentifier function of PatientService.pl | CGM | CGM CLININET | - | - | 2025-08-27 10:24:03 |
| CVE-2025-30057 | Authenticated RCE with uhcapache privileges in ConvertToPDF | CGM | CGM CLININET | - | - | 2025-08-27 10:23:38 |
| CVE-2025-30056 | Calling system commands via RunCommand | CGM | CGM CLININET | - | - | 2025-08-27 10:23:17 |
| CVE-2025-30055 | Conditional RCE via the "system" function | CGM | CGM CLININET | - | - | 2025-08-27 10:22:42 |
| CVE-2025-30048 | Unauthenticated access to module configuration endpoint | CGM | CGM CLININET | - | - | 2025-08-27 10:22:15 |
| CVE-2025-30041 | Missing authentication in APIs returning statistical data along with session IDs | CGM | CGM CLININET | - | - | 2025-08-27 10:21:42 |
| CVE-2025-30040 | Missing authentication in API returning request logs containing session IDs | CGM | CGM CLININET | - | - | 2025-08-27 10:21:17 |
| CVE-2025-30039 | Missing authentication in API returning a list of all active sessions | CGM | CGM CLININET | - | - | 2025-08-27 10:20:57 |