
9 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35883

Name of the Vulnerable Software and Affected Versions: e-Sushrut (affected versions not specified). Description: Improper access control in resource access validation allows an authenticated attacker to gain unauthorized access to sensitive patient information by manipulating parameters in the API...

CVSS 7.1 | AI score 5.2 | EPSS 0.00226
Exploits: 0 | References: 4

Positive Technologies
added 2026/03/19 12:0 a.m. | 5 views

PT-2026-26347

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module oe-module-faxsms allows any authenticated OpenEMR user to invoke controller methods — including getNotificationLog, whic...

CVSS 5.4 | AI score 5.9 | EPSS 0.00212
Exploits: 1 | References: 6

Cvelist
added 2026/02/27 4:44 p.m. | 20 views

CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $_REQUEST['pid'] ?? $pid and $pid = $_REQUEST['hiddenpatientcode'] ?? null 0 ?...

CVSS 7.1 | EPSS 0.0022
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/27 4:13 a.m. | 4 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

CVSS 6.5 | AI score 5.4 | EPSS 0.0026
Exploits: 1 | References: 1

EUVD
added 2026/02/25 5:45 p.m. | 5 views

EUVD-2026-8701

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...

CVSS 7.1 | AI score 5.4 | EPSS 0.00266
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 16 views

EUVD-2020-8184

Malware in sbrugna...

CVSS 3.5 | AI score 4.8 | EPSS 0.00658
Exploits: 0 | References: 3

CNNVD
added 2021/11/18 12:0 a.m. | 3 views

Philips Patient Information Center iX security vulnerability

Philips Patient Information Center iX (PIC iX), a product of the European company Philips, is at the heart of the patient monitoring system, which facilitates understanding of the patient's condition and helps caregivers to identify potential deterioration at an early stage, as...

CVSS 6.1 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 5

OSV
added 2018/03/20 5:29 p.m. | 2 views

CVE-2018-5438

Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mo...

CVSS 6.3 | AI score 5.8
Exploits: 0 | References: 3

CNVD
added 2017/09/04 12:0 a.m. | 1 views

E-Health Android App suffers from an override access vulnerability

E-Health Android App is a mobile medical application that aims to improve the patient experience, enhance the service level of medical institutions, and strengthen the communication between doctors and patients. E-Health Android App has an overstepping access vulnerability: the attacker can view...

AI score 6.7
Exploits: 0