2 matches found
CVE-2026-33304
creationtimestamp| type| source ---|---|--- 2026-03-19 22:22:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhgzzvs5vs2k...
CVE-2026-33304
OpenEMR prior to 8.0.0.2 suffers an authorization bypass in the dated reminders log. Any authenticated non-admin user can view reminder messages belonging to other users, including patient names and free-text content, by crafting a GET request with arbitrary user IDs in the sentTo[] or sentBy[] p...