14 matches found
EUVD-2025-9332
Malicious code in bioql PyPI...
CVE-2025-31117
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...
CVE-2025-31121
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...
CVE-2025-31121
OpenEMR’s Patient Image feature (EXIF title) is vulnerable to cross-site scripting prior to version 7.0.3.1. Affected component: Patient Image handling in OpenEMR. Root cause: unsanitized EXIF title in uploaded images enables XSS. Impact: CVE-2025-31121 indicates attacker-executed script in vulne...
CVE-2025-31121 OpenEMR allows XSS in Patient Image feature
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...
PT-2025-14119 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3.1 Description: The Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. Recommendations: For versions prior to 7.0.3.1, update to version 7.0.3.1 to...
CVE-2025-31117
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...
CVE-2025-31117 OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...
CVE-2025-31117
OpenEMR — CVE-2025-31117 — is an Out-of-Band Server-Side Request Forgery (OOB SSRF) in OpenEMR that can force the server to make unauthorized requests to external or internal resources. The attack can be executed via DNS or HTTP interactions and is described as not returning a direct response, wi...
CVE-2025-31117 OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...
OPENSUSE-SU-2024:12244-1 ruby3.1-rubygem-activerecord-7.0-7.0.3.1-1.1 on GA media
These are all security issues fixed in the ruby3.1-rubygem-activerecord-7.0-7.0.3.1-1.1 package on the GA media of openSUSE Tumbleweed...
Internet Bug Bounty: CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)
The following is from: https://hackerone.com/reports/1654310 While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3 even though the Hackerone report about this vulnerability...
Ruby on Rails: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)
While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3 even though the Hackerone report about this vulnerability suggested that this should fix it see here:...
Remote Code Execution (RCE)
Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Remote Code Execution RCE. When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can...