Lucene search
K

25077 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 7:11 p.m.7 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of Insufficiently Random Values vulnerability (CVE-2025-7783)

Summary There is 1 vulnerability in form-data-2.3.3.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-7783. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP...

9.4CVSS5.4AI score0.01735EPSS
Exploits1Affected Software1
CVE
CVE
added 2026/02/25 6:48 p.m.16 views

CVE-2026-25930

OpenEMR before version 8.0.0 is affected by a vulnerability in the Layout-Based Form (LBF) printable view: the request can supply formid and visitid/patientid without verifying that the form belongs to the authenticated user’s patient/encounter. An authenticated user with LBF access can enumerate...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 6:48 p.m.3 views

CVE-2026-25930 OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 6:48 p.m.19 views

CVE-2026-25930 OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS0.0026EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 6:48 p.m.5 views

EUVD-2026-8717

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS5.5AI score0.0026EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 6:48 p.m.6 views

CVE-2026-25930

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS5.8AI score0.0026EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 6:33 p.m.3 views

CVE-2026-25743

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...

7.2CVSS5.9AI score0.00165EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/25 6:33 p.m.4 views

CVE-2026-25743 OpenEMR has Stored XSS in Questionnaire answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...

7.2CVSS5.5AI score0.00165EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/25 6:33 p.m.19 views

CVE-2026-25743 OpenEMR has Stored XSS in Questionnaire answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...

7.2CVSS0.00165EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 5:21 p.m.7 views

CLSA-2026-1772040065 grafana-pcp: Fix of 2 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els5 to fix the following CVE's - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages...

7.5CVSS7.1AI score0.01945EPSS
Exploits2References1
OSV
OSV
added 2026/02/25 5:7 p.m.12 views

CLSA-2026-1772039226 golang: Fix of 2 CVEs

CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory consumption during form parsing - CVE-2025-61732: prevent cgo code smuggling by removing user-controlled content from documentation strings in generated ASTs...

8.6CVSS7AI score0.01945EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/25 12:16 p.m.3 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/25 11:48 a.m.5 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/25 9:32 a.m.10 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/02/25 7:41 a.m.2 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS5.8AI score0.01945EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/25 4:42 a.m.10 views

Security Bulletin: IBM Automation Decision Services for Jan 2026- Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-7783...

9.4CVSS6.5AI score0.01735EPSS
Exploits2Affected Software1
NVD
NVD
added 2026/02/25 4:16 a.m.15 views

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS0.00761EPSS
Exploits0References5
CVE
CVE
added 2026/02/25 3:8 a.m.10 views

CVE-2026-27745

The CVE-2026-27745 entry concerns the SPIP plugin interface_traduction_objets, affected when using versions prior to 4.3.3. An authenticated attacker with editor-level privileges can exploit an authenticated RCE vulnerability by injecting crafted content into a hidden form field populated with un...

8.8CVSS6.3AI score0.00761EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:8 a.m.5 views

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS6.3AI score0.00761EPSS
Exploits0References6
NVD
NVD
added 2026/02/25 2:16 a.m.9 views

CVE-2026-24847

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Eye Exam form module allows any authenticated user to be redirected to an arbitrary external URL. This can be exploited for phishing attacks against healthcare...

6.1CVSS0.00176EPSS
Exploits1References2
Rows per page
Query Builder