CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/03/19 8:10 p.m.•14 views

CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

7.1CVSS0.00041EPSS

ATTACKERKB•added 2026/03/19 8:10 p.m.•1 views

CVE-2026-33301

7.1CVSS5.9AI score0.00041EPSS

Vulnrichment•added 2026/03/19 8:7 p.m.•0 views

CVE-2026-33299 OpenEMR has Stored XSS in patient encounter Eye Exam form answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

EUVD•added 2026/03/19 8:7 p.m.•1 views

EUVD-2026-13160

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

Cvelist•added 2026/03/19 8:7 p.m.•18 views

CVE-2026-33299 OpenEMR has Stored XSS in patient encounter Eye Exam form answers

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

8.5CVSS0.00233EPSS

ATTACKERKB•added 2026/03/19 8:7 p.m.•1 views

CVE-2026-33299

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history...

CVE•added 2026/03/19 8:7 p.m.•2 views

CVE-2026-33299

CVE-2026-33299 describes a stored XSS in OpenEMR prior to version 8.0.0.2. Users with the Notes - my encounters role can enter payloads in Eye Exam form answers; the payload is rendered on encounter pages/visit history for other users with the same role. Affects OpenEMR’s Eye Exam form-answer dis...

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/19 7:25 p.m.•1 views

CVE-2026-25744

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

6.5CVSS5.8AI score0.00135EPSS

The Hacker News•added 2026/03/19 12:43 p.m.•2 views

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover DTO and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a "more...

6.1AI score

Exploits0

RedHat Linux•added 2026/03/19 7:9 a.m.•1 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.58 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.58 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

7.5CVSS6.8AI score0.00073EPSS

Exploits1References4

Amazon•added 2026/03/19 12:0 a.m.•7 views

Important: kernel-livepatch-5.10.245-245.983

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: usb: qmiwwan: initialize MAC header offset in qmimuxrxfixup CVE-2025-68192 Affected Packages: kernel-livepatch-5.10.245-245.983 Issue Correction: Please ensure you have live patching enabled. Run yum update...

5.9AI score0.00058EPSS

Exploits0

Positive Technologies•added 2026/03/19 12:0 a.m.•4 views

PT-2026-26337

7.6CVSS5.8AI score0.0014EPSS

Exploits1References5

Positive Technologies•added 2026/03/19 12:0 a.m.•2 views

PT-2026-26335

8.1CVSS5.9AI score0.00041EPSS

Exploits1References5

NVD•added 2026/03/18 9:16 p.m.•2 views

CVE-2026-25745

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...

6.5CVSS0.00027EPSS

Vulnrichment•added 2026/03/18 8:30 p.m.•2 views

CVE-2026-25745 OpenEMR's Message Update Ignores Patient id

6.5CVSS5.7AI score0.00027EPSS

CVE•added 2026/03/18 8:30 p.m.•3 views

CVE-2026-25745

OpenEMR (versions up to 8.0.0) is affected by CVE-2026-25745. The issue arises in the message/note update endpoint (e.g., PUT/POST), which updates by message/note ID without verifying that the message belongs to the current patient or that the user is permitted to edit that patient’s notes. An au...

6.5CVSS5.8AI score0.00027EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/18 8:30 p.m.•1 views

CVE-2026-25745

6.5CVSS5.8AI score0.00027EPSS

EUVD•added 2026/03/18 8:30 p.m.•2 views

EUVD-2026-12952

6.5CVSS5.8AI score0.00027EPSS