Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-9332

Malicious code in bioql PyPI...

7CVSS6.6AI score0.1462EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/02 5:35 p.m.15 views

CVE-2025-31117

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...

7.5CVSS7AI score0.00444EPSS
Exploits1References1
NVD
NVD
added 2025/04/01 3:16 p.m.14 views

CVE-2025-31121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...

7CVSS0.1462EPSS
Exploits1References1
CVE
CVE
added 2025/04/01 2:53 p.m.62 views

CVE-2025-31121

OpenEMR’s Patient Image feature (EXIF title) is vulnerable to cross-site scripting prior to version 7.0.3.1. Affected component: Patient Image handling in OpenEMR. Root cause: unsanitized EXIF title in uploaded images enables XSS. Impact: CVE-2025-31121 indicates attacker-executed script in vulne...

7CVSS6.3AI score0.1462EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/04/01 2:53 p.m.20 views

CVE-2025-31121 OpenEMR allows XSS in Patient Image feature

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1...

7CVSS0.1462EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.7 views

PT-2025-14119 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3.1 Description: The Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. Recommendations: For versions prior to 7.0.3.1, update to version 7.0.3.1 to...

7CVSS6.5AI score0.1462EPSS
Exploits1References5
NVD
NVD
added 2025/03/31 5:15 p.m.24 views

CVE-2025-31117

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...

7.5CVSS0.00444EPSS
Exploits1References2
OSV
OSV
added 2025/03/31 4:49 p.m.15 views

CVE-2025-31117 OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...

6.9CVSS6.7AI score0.00444EPSS
Exploits1References4
CVE
CVE
added 2025/03/31 4:49 p.m.79 views

CVE-2025-31117

OpenEMR — CVE-2025-31117 — is an Out-of-Band Server-Side Request Forgery (OOB SSRF) in OpenEMR that can force the server to make unauthorized requests to external or internal resources. The attack can be executed via DNS or HTTP interactions and is described as not returning a direct response, wi...

7.5CVSS6.3AI score0.00444EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/31 4:49 p.m.20 views

CVE-2025-31117 OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability

OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery OOB SSRF vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...

6.9CVSS6.7AI score0.00444EPSS
Exploits1References2
OSV
OSV
added 2024/06/15 12:0 a.m.22 views

OPENSUSE-SU-2024:12244-1 ruby3.1-rubygem-activerecord-7.0-7.0.3.1-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-activerecord-7.0-7.0.3.1-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS9.3AI score0.02386EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/12/14 9:17 p.m.114 views

Internet Bug Bounty: CVE-2022-23520: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

The following is from: https://hackerone.com/reports/1654310 While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3 even though the Hackerone report about this vulnerability...

5.8CVSS6.3AI score0.29316EPSS
Exploits2
Hacker One
Hacker One
added 2022/07/29 9:46 p.m.59 views

Ruby on Rails: Incomplete fix for CVE-2022-32209 (XSS in Rails::Html::Sanitizer under certain configurations)

While building a PoC for CVE-2022-32209, I noticed that I could not fix my vulnerable application by updating https://github.com/rails/rails-html-sanitizer from 1.4.2 to 1.4.3 even though the Hackerone report about this vulnerability suggested that this should fix it see here:...

5.8CVSS6.1AI score0.29316EPSS
Exploits2
Snyk
Snyk
added 2022/07/13 8:48 a.m.3 views

Remote Code Execution (RCE)

Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Remote Code Execution RCE. When serialized columns that use YAML the default are deserialized, Rails uses YAML.unsafeload to convert the YAML data in to Ruby objects. If an attacker can...

9.8CVSS8.1AI score0.02386EPSS
Exploits1References2
Rows per page
Query Builder