216688 matches found

ATTACKERKB
added 2026/03/25 11:31 p.m. | 5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS | 5.8 AI score | 0.00445 EPSS
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2026/03/25 11:31 p.m. | 28 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS | 0.00445 EPSS
Exploits 1 | References 3
OSV
added 2026/03/25 11:31 p.m. | 5 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS | 5.9 AI score | 0.00445 EPSS
Exploits 1 | References 5
Vulnrichment
added 2026/03/25 11:31 p.m. | 10 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contains a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8 CVSS | 5.8 AI score | 0.00445 EPSS
Exploits 1 | References 3
NVD
added 2026/03/25 11:17 p.m. | 7 views

CVE-2026-33909

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

5.9 CVSS | 0.0033 EPSS
Exploits 0 | References 3
NVD
added 2026/03/25 11:17 p.m. | 3 views

CVE-2026-4825

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

6.5 CVSS | 0.00303 EPSS
Exploits 1 | References 5
CVE
added 2026/03/25 11:13 p.m. | 13 views

CVE-2026-33914

OpenEMR (prior to 8.0.0.3) contains a blind SQL injection in the PostCalendar categoriesUpdate function. The malicious code uses the dels POST parameter, which is read via pnVarCleanFromInput() (HTML tags stripped only) and directly interpolated into a raw SQL DELETE statement executed by Doctri...

7.2 CVSS | 5.9 AI score | 0.00425 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/03/25 11:13 p.m. | 25 views

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

7.2 CVSS | 0.00425 EPSS
Exploits 1 | References 3
OSV
added 2026/03/25 11:13 p.m. | 4 views

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

7.2 CVSS | 6 AI score | 0.00425 EPSS
Exploits 1 | References 5
ATTACKERKB
added 2026/03/25 10:41 p.m. | 2 views

CVE-2026-33910

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

7.2 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits 2 | References 4 | Affected Software 1
CVE
added 2026/03/25 10:41 p.m. | 11 views

CVE-2026-33910

OpenEMR is affected by a SQL injection in the patient selection feature. The vulnerability exists in versions up to 8.0.0.2 due to insufficient input validation; authenticated attackers can exploit it. Version 8.0.0.3 contains a patch. Practical impact: high because it affects confidentiality, in...

8.8 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits 2 | References 3 | Affected Software 1
Vulnrichment
added 2026/03/25 10:41 p.m. | 7 views

CVE-2026-33910 OpenEMR has a SQL Injection Vulnerability in patient selection

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

7.2 CVSS | 5.8 AI score | 0.00427 EPSS
Exploits 2 | References 3
Cvelist
added 2026/03/25 10:32 p.m. | 25 views

CVE-2026-4825 SourceCodester Sales and Inventory System HTTP GET Parameter update_sales.php sql injection

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

6.5 CVSS | 0.00303 EPSS
Exploits 1 | References 5
ATTACKERKB
added 2026/03/25 10:32 p.m. | 2 views

CVE-2026-4825

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

6.5 CVSS | 6.4 AI score | 0.00303 EPSS
Exploits 1 | References 5 | Affected Software 1
CVE
added 2026/03/25 10:32 p.m. | 9 views

CVE-2026-4825

CVE-2026-4825 affects SourceCodester Sales and Inventory System 1.0. The vulnerability lies in the HTTP GET Parameter Handler for the file /update_sales.php, where manipulating the sid argument enables an SQL injection. The issue may be exploited remotely, and an exploit has been made public. No ...

6.5 CVSS | 6.4 AI score | 0.00303 EPSS
Exploits 1 | References 5 | Affected Software 1
Vulnrichment
added 2026/03/25 10:32 p.m. | 1 views

CVE-2026-4825 SourceCodester Sales and Inventory System HTTP GET Parameter update_sales.php sql injection

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has be...

6.5 CVSS | 6.4 AI score | 0.00303 EPSS
Exploits 1 | References 5
ATTACKERKB
added 2026/03/25 10:24 p.m. | 4 views

CVE-2026-29187

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/new_search_popup.php. The vulnerability allows an authenticated attacker t...

8.1 CVSS | 6.2 AI score | 0.00473 EPSS
Exploits 3 | References 4 | Affected Software 1
Cvelist
added 2026/03/25 10:24 p.m. | 24 views

CVE-2026-29187 OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/new_search_popup.php. The vulnerability allows an authenticated attacker t...

8.1 CVSS | 0.00473 EPSS
Exploits 3 | References 3
Snyk
added 2026/03/25 9:56 p.m. | 3 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the save function. An attacker can extract sensitive information from the database and insert arbitrary data by submitting crafted input to the...

7.1 CVSS | 6.1 AI score | 0.00224 EPSS
Exploits 1 | References 2
EUVD
added 2026/03/25 9:56 p.m. | 4 views

EUVD-2026-14508

AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized userid Parameter...

7.1 CVSS | 5.9 AI score | 0.00224 EPSS
Exploits 1 | References 3