Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References1
cve
cve
added 2026/03/19 8:23 p.m.14 views

CVE-2026-33302

OpenEMR prior to version 8.0.0.2 contains an ACL logic bug in the zhAclCheck function: it only checks for any allowed entry and does not enforce explicit denies (allowed=0). This means a user or group marked as deny can still gain access if they are in a group with an allowed entry. The issue can...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/03/19 8:23 p.m.1 views

CVE-2026-33302 OpenEMR: zhAclCheck Ignores Explicit ACL Denies

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.6 views

PT-2026-26344

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/05/07 12:0 a.m.10 views

PT-2024-25803 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43 Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...

8.4CVSS6.6AI score0.00368EPSS
Exploits0References9
nvd
nvd
added 2021/12/27 10:15 p.m.31 views

CVE-2021-43858

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the...

8.8CVSS0.35462EPSS
Exploits3References5
Rows per page
Query Builder