Lucene search
K

195 matches found

CVE
CVE
added 2026/03/11 8:47 p.m.15 views

CVE-2026-32121

CVE-2026-32121 affects OpenEMR prior to 8.0.0.1 with stored DOM XSS in two areas stemming from unsanitized patient names in patient_data. One path is server-side rendering of patient demographics via raw PHP echo (Stored XSS in prescription CSS/HTML print view). The other is client-side DOM rende...

7.7CVSS5.8AI score0.00191EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/03 10:16 p.m.9 views

CVE-2026-24898

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS0.00555EPSS
Exploits1References2
OSV
OSV
added 2026/03/03 10:10 p.m.6 views

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS5.9AI score0.00555EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.7 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/02/27 4:44 p.m.21 views

CVE-2026-25147 OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS0.0022EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.5 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

6.5CVSS5.4AI score0.0026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.5 views

CVE-2026-25164

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/restroutesstandard.inc.php does not call RestConfig::requestauthorizationcheck for the document and insurance routes. Other...

8.1CVSS5.5AI score0.0026EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:16 a.m.4 views

CVE-2026-25135

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.3AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 7:43 p.m.7 views

CVE-2026-25930

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS0.0026EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 6:22 p.m.3 views

CVE-2026-25164

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in apis/routes/restroutesstandard.inc.php does not call RestConfig::requestauthorizationcheck for the document and insurance routes. Other...

8.1CVSS5.8AI score0.0026EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/25 6:22 p.m.16 views

CVE-2026-25164

OpenEMR before version 8.0.0 exposed documents and insurance data via the REST API. The route table in apis/routes/_rest_routes_standard.inc.php did not call RestConfig::request_authorization_check() for the document and insurance endpoints, allowing any valid API bearer token to access or modify...

8.1CVSS5.5AI score0.0026EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/25 5:45 p.m.6 views

EUVD-2026-8701

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...

7.1CVSS5.4AI score0.00266EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 5:45 p.m.20 views

CVE-2026-24487 OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...

7.1CVSS0.00266EPSS
Exploits1References2
CVE
CVE
added 2026/02/25 5:45 p.m.17 views

CVE-2026-24487

OpenEMR before 8.0.0 contains an authorization bypass in the FHIR CareTeam resource endpoint. The root cause is that FhirCareTeamService does not implement IPatientCompartmentResourceService and does not pass the patient binding parameter to the underlying service, bypassing patient compartment f...

7.1CVSS5.4AI score0.00266EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:2 a.m.3 views

CVE-2026-25135

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.3AI score0.00219EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

8.1CVSS5.8AI score0.0026EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/01/20 12:0 a.m.8 views

VulnCheck KEV: CVE-2025-0683

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS5.8AI score0.00763EPSS
In wildExploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:56 a.m.10 views

CVE-2020-12037

Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption e.g., TLS/SSL when configured to send treatment data to a PDMS Patient Data Management System or an EMR Electronic Medical Record system. An attacker could observe...

7.5CVSS6.7AI score0.00483EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-4352

Malware in sbrugna...

7.5CVSS7.5AI score0.00496EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-10682

Malware in sbrugna...

7.4CVSS7.5AI score0.00734EPSS
Exploits1References2
Rows per page
Query Builder