Skip to main content

Orthanc

3 CVEs product

Monthly

CVE-2025-0896 CRITICAL Act Now

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orthanc Suse
NVD
CVSS 4.0
9.2
EPSS
0.3%
CVE-2024-22725 MEDIUM PATCH This Month

Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Orthanc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33466 HIGH This Week

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Orthanc
NVD
CVSS 3.1
8.8
EPSS
4.2%
EPSS 0% CVSS 9.2
CRITICAL Act Now

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orthanc Suse
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Orthanc
NVD
EPSS 4% CVSS 8.8
HIGH This Week

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Orthanc
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy