Changing
Products
3- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8861 | Cri | 0.64 | 9.8 | 0.00 | Aug 29, 2025 | TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents. | ||
| CVE-2025-8857 | Cri | 0.64 | 9.8 | 0.00 | Aug 29, 2025 | Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code. | ||
| CVE-2025-8858 | Hig | 0.49 | 7.5 | 0.00 | Aug 29, 2025 | Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. | ||
| CVE-2026-3000 | 0.00 | — | 0.01 | Mar 2, 2026 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them. | |||
| CVE-2026-2999 | 0.00 | — | 0.01 | Mar 2, 2026 | IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them. |
- risk 0.64cvss 9.8epss 0.00
TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
- risk 0.64cvss 9.8epss 0.00
Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
- risk 0.49cvss 7.5epss 0.00
Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
- CVE-2026-3000Mar 2, 2026risk 0.00cvss —epss 0.01
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remote source and execute them.
- CVE-2026-2999Mar 2, 2026risk 0.00cvss —epss 0.01
IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them.