CVE-2026-25164 OpenEMR's Document and Insurance REST Endpoints Skip ACL
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/_rest_routes_standard.inc.php does not call RestConfig::request_authorization_check() for the document and insurance routes. Other...
CVE-2026-25164
OpenEMR before version 8.0.0 exposed documents and insurance data via the REST API. The route table in apis/routes/_rest_routes_standard.inc.php did not call RestConfig::request_authorization_check() for the document and insurance endpoints, allowing any valid API bearer token to access or modify...
EUVD-2026-8704
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/_rest_routes_standard.inc.php does not call RestConfig::request_authorization_check() for the document and insurance routes. Other...
CVE-2026-25164
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/_rest_routes_standard.inc.php does not call RestConfig::request_authorization_check() for the document and insurance routes. Other...
PT-2026-21975
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/_rest_routes_standard.inc.php does not call...
Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026
With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene,...
Cyber Insurance, Audit, and Policy: Review, Analysis and Recommendations
Cyber insurance, which protects insured organizations against financial losses from cyberattacks and data breaches, can be difficult and expensive to obtain for many organizations. These difficulties stem from insurers' difficulty in understanding and accurately assessing the risks that they are...
CVE-2022-27124
Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter...
Stronger together: New Beazley collaboration enhances cyber resilience
Today’s cyberthreat landscape demands more than technical expertise: it requires a unified response team of technical responders, insurers, brokers, and legal counsel. This integrated approach is key to building long-term cyber resilience to help your organization anticipate, withstand, recover...
How scammers use fake insurance texts to steal your identity
Sometimes it’s hard to understand how some scams work or why criminals would even try them on you. In this case it may have been a matter of timing. One of my co-workers received this one: “Insurance estimates for certain age ranges: 20-30 200 – 300/mo 31-40 270 – 450/mo 41-64 350 – 500/mo Please...
Ransomware gang claims Conduent breach: what you should watch for next [updated]
Update – October 30, 2025: New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported a total of 10.5 million affected US...
CVE-2025-31634
Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection. This issue affects Insurance: from n/a through <= 3.5...
EUVD-2025-35573
Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection. This issue affects Insurance: from n/a through <= 3.5...
CVE-2025-31634 WordPress Insurance theme <= 3.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection. This issue affects Insurance: from n/a through <= 3.5...
CVE-2025-31634
CVE-2025-31634 describes a PHP Object Injection flaw in the WordPress theme “Insurance” (versions ≤ 3.5) due to deserializing untrusted data. Public sources (Patchstack/Red Hat/ENISA) confirm this is currently unpatched, affecting the Insurance theme up to 3.5; remediation is to upgrade to a vers...
PT-2025-43149
Name of the Vulnerable Software and Affected Versions: designthemes Insurance versions through 3.5. Description: The software contains a flaw due to deserialization of untrusted data, which can lead to object injection. This impacts the Insurance application. Recommendations: Update to a version newe...