CGM — Vulnerabilities & Security Advisories (25)

Browse all 25 CVE security advisories affecting CGM. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by CGM: CGM CLININET, CGM NETRAAD
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58406 | Lack of HTTP Response Headers — CGM CLININET, CWE-693 | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-58405 | Lack of protection mechanisms against Clickjacking attacks — CGM CLININET, CWE-1021 | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-58402 | Insecure Direct Object Reference Message ID — CGM CLININET, CWE-639 | 7.5 (AI) | High (AI) | 2026-03-02 |
| CVE-2025-30062 | SQL injection in CheckUnitCodeAndKey.pl — CGM CLININET, CWE-89 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-30044 | RCE on uhcapache user permissions — CGM CLININET, CWE-78 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-30042 | Session generation possible with certificate number only — CGM CLININET, CWE-603 | 6.6 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-30035 | Lack of API authentication allowing session generation for any user — CGM CLININET, CWE-306 | 9.8 (AI) | Critical (AI) | 2026-03-02 |
| CVE-2025-10350 | SQL injection in CGM NETRAAD — CGM NETRAAD, CWE-89 | 6.5 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2025-30064 | Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key — CGM CLININET, CWE-912 | 9.1 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30063 | Excessive permissions on configuration files containing database logins and passwords — CGM CLININET, CWE-732 | 7.1 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-30061 | SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter — CGM CLININET, CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30060 | SQL injection in ReturnUserUnitsXML.pl via the UserID parameter — CGM CLININET, CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30059 | Authenticated SQL injection in PrepareCDExportJSON.pl — CGM CLININET, CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30058 | SQL injection in getPatientIdentifier function of PatientService.pl — CGM CLININET, CWE-89 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30057 | Authenticated RCE with uhcapache privileges in ConvertToPDF — CGM CLININET, CWE-94 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30056 | Calling system commands via RunCommand — CGM CLININET, CWE-94 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30055 | Conditional RCE via the "system" function — CGM CLININET, CWE-94 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30048 | Unauthenticated access to module configuration endpoint — CGM CLININET, CWE-306 | 7.5 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-30041 | Missing authentication in APIs returning statistical data along with session IDs — CGM CLININET, CWE-306 | 7.5 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-30040 | Missing authentication in API returning request logs containing session IDs — CGM CLININET, CWE-306 | 5.3 (AI) | Medium (AI) | 2025-08-27 |
| CVE-2025-30039 | Missing authentication in API returning a list of all active sessions — CGM CLININET, CWE-306 | 9.8 (AI) | Critical (AI) | 2025-08-27 |
| CVE-2025-30038 | Session ID leakage in Zone.Identifier of downloaded files — CGM CLININET, CWE-1230 | 3.3 (AI) | Low (AI) | 2025-08-27 |
| CVE-2025-30037 | Missing authentication in APIs allowing data retrieval and modification — CGM CLININET, CWE-306 | 7.5 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-30036 | Stored XSS permitting session takeover of arbitrary user — CGM CLININET, CWE-79 | 7.6 (AI) | High (AI) | 2025-08-27 |
| CVE-2025-2313 | RCE via Print.pl in uhcPrintServerPrint — CGM CLININET, CWE-94 | 9.8 (AI) | Critical (AI) | 2025-08-27 |

This page lists every published CVE security advisory associated with CGM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.