Every CVE whose affected-product data names Imaworldhealth Bhima, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-0959 — CVSS 6.5 (medium): Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link…
CVE-2023-0967 — CVSS 6.5 (medium): Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and…
CVE-2023-0944 — CVSS 4.3 (medium): Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username…