CVE-2025-15581
- EPSS 0.03%
- Veröffentlicht 18.02.2026 22:59:55
- Zuletzt bearbeitet 28.02.2026 18:16:01
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...
CVE-2025-0896
- EPSS 0.15%
- Veröffentlicht 13.02.2025 02:15:29
- Zuletzt bearbeitet 30.07.2025 18:11:27
Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker.
CVE-2024-22725
- EPSS 0.6%
- Veröffentlicht 24.01.2024 16:15:08
- Zuletzt bearbeitet 04.06.2025 22:15:25
Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.
CVE-2023-33466
- EPSS 24.56%
- Veröffentlicht 29.06.2023 15:15:09
- Zuletzt bearbeitet 26.11.2024 19:15:20
Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigge...