Multiple Vulnerabilities in Imaster Products - Date: 12/01/2026 - Identifier: INCIBE-2026-015 - Severity: 5 - Critical Affected Resources - MEMS Events CRM - Patient Records Management System Description - Four vulnerabilities were found, one critical, two high severity, and one medium severity. - Discovered by Gonzalo Aguilar Garcia (6h4ck). - Vulnerabilities assigned to CVE-2025-41003, CVE-2025-41005, CVE-2025-41004, and CVE-2025-41006. Solution - CVE-2025-41006: The 'phone' parameter in '/memsdemo/login.php' is affected. CVE Details Note - The exploitation value was valid at the time of publication. It may change over time.