Missing authorization checks on an imaging endpoint in synedra WebPatient / synedra Web
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-05-21
Vulnerability Hub
The National Test Institute for Cybersecurity NTC conducts independent and neutral security tests of networked infrastructures, devices and applications. By disclosing vulnerabilities, we contribute to cybersecurity awareness and reinforce Switzerland’s security and digital sovereignty.
The Vulnerability Hub provides open and free access to the most relevant vulnerabilities identified by the NTC. Additional details about tested products and discovered vulnerabilities may be available upon request. Please reach out via the contact form.
Please note that the following list is only a selection of NTC's work.
106 Results
List
Vulnerability
Area
Criticality
Status
Published on
Multiple vulnerabilites in synedra ViewEmbeddedStreaming
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-05-21
Multiple vulnerabilites in synedra Control
Area: Swiss Health Sector
Criticality: medium
Status: fixed
Published on 2025-05-21
Multiple vulnerabilities in a Swiss job skills assessment website
Area: Other
Criticality: high
Status: fixed
Published on 2025-04-10
Multiple vulnerabilities in the Hospital Information System (HIS) KISIM of CISTEC AG
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-01-23
Multiple vulnerabilities in the Hospital Information System (HIS) inesKIS of ines GmbH
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-01-23
Insecurely configured content provider in the Another Activity Tracker Android App
Area: Open Source
Criticality: medium
Status: fixed
Published on 2025-01-20
Cross-App Scripting Vulnerability in the Arenti Android App
Area: Surveillance
Criticality: low
Status: fixed
Published on 2025-01-15
Exposed log files on the web app of a Swiss medical facility
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-01-09
SQL injections in a web application of a Swiss home healthcare services provider
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-01-08
Exposed Spring Boot Actuator on the website of a Swiss association of doctors
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2025-01-08
SQL injection in the a cloud solution used by Swiss telecommunication service providers
Area: Other
Criticality: high
Status: fixed
Published on 2024-10-31
SQL injection in the backend API for SeTracker smartwatches of shenzhen sanjitongchuang electronic co. LTD
Area: Smart Watches
Criticality: high
Status: fixed
Published on 2024-09-18
Publicly exposed webshell on a webserver of shenzhen sanjitongchuang electronic co. LTD
Area: Smart Watches
Criticality: high
Status: fixed
Published on 2024-09-18
Hardcoded WebRTC credentials in a mobile app of an international baby monitor vendor
Area: Surveillance
Criticality: high
Status: fixed
Published on 2024-09-16
SQL injections in web applications of a Swiss health information center
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2024-08-28
Exposed admin panels of a Swiss e-health solutions provider's health databases
Area: Swiss Health Sector
Criticality: medium
Status: fixed
Published on 2024-08-22
SQL injections in web applications of a Swiss e-health solutions provider
Area: Swiss Health Sector
Criticality: high
Status: fixed
Published on 2024-08-14
Cross-App Scripting vulnerability in a mobile app of an international smart home device manufacturer
Area: Other
Criticality: low
Status: fixed
Published on 2024-07-24
Misconfigured exported content provider in a Swiss emergency mobile app
Area: Other
Criticality: low
Status: fixed
Published on 2024-07-23
Cross-App Scripting vulnerability in a Swiss emergency mobile app
Area: Other
Criticality: low
Status: fixed
Published on 2024-07-23
Misconfigured exported activity in a Swiss emergency mobile app
Area: Other
Criticality: low
Status: fixed
Published on 2024-07-23
Misconfigured webview in a Swiss emergency mobile app
Area: Other
Criticality: low
Status: fixed
Published on 2024-07-23
Unsanitized deeplink in a Swiss emergency mobile app
Area: Other
Criticality: low
Status: fixed
Published on 2024-07-23
Exposed server information on military sport info page
Area: Other
Criticality: low
Status: fixed
Published on 2024-06-27