Browse all 5 CVE security advisories affecting THM-Health. AI-powered Chinese analysis, POCs, and references for each vulnerability.
THM-Health operates as a healthcare management platform handling sensitive patient data and medical records. Historically, the system has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. With five CVEs currently documented, these weaknesses have allowed unauthorized access to protected health information and potential system compromise. The platform's security posture has been characterized by insufficient input validation and inadequate access controls, leading to consistent exploitation by threat actors targeting healthcare infrastructure. While no major public incidents have been widely reported, the documented vulnerabilities demonstrate persistent security challenges in protecting critical healthcare systems from increasingly sophisticated attacks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22800 | PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences — PILOS, CWE-352 | 2.4 | Low | 2026-01-12 |
| CVE-2025-62781 | PILOS is missing session regeneration after password change — PILOS, CWE-613 | 5.0 | Medium | 2025-10-27 |
| CVE-2025-62524 | PILOS Exposes PHP version — PILOS, CWE-200 | 5.3 | Medium | 2025-10-27 |
| CVE-2025-62523 | PILOS Misconfigured the Access-Control-Allow-Origin Header — PILOS, CWE-942 | 6.3 | Medium | 2025-10-27 |
| CVE-2023-47107 | PILOS account takeover through password reset poisoning — PILOS, CWE-20 | 8.8 | High | 2023-11-08 |
This page lists every published CVE security advisory associated with THM-Health. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.