Lucene search
K

4 matches found

CVE
CVE
added 2026/03/03 10:10 p.m.28 views

CVE-2026-24898

OpenEMR before version 8.0.0 contains an unauthenticated disclosure in the MedEx callback endpoint. The endpoint bypasses authentication ($ignoreAuth = true) and returns the full JSON response, including MedEx API tokens, when a callback_key is posted. This enables unauthenticated visitors to obt...

10CVSS6AI score0.00555EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:10 p.m.4 views

CVE-2026-24898

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS6AI score0.00555EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 10:10 p.m.4 views

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS6AI score0.00555EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22835

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw in the MedEx callback endpoint allows unauthenticated access to the practice's MedEx API tokens. This can...

10CVSS5.9AI score0.00555EPSS
Exploits1References7
Rows per page
Query Builder