17 matches found

NVD
added 2026/03/11 9:16 p.m., 4 views

CVE-2026-32122

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same A...

CVSS 4.3 | EPSS 0.00229
Exploits 1 | References 1
Cvelist
added 2026/03/11 8:48 p.m., 26 views

CVE-2026-32122 OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same A...

CVSS 4.3 | EPSS 0.00229
Exploits 1 | References 1
ATTACKERKB
added 2026/03/11 8:48 p.m., 2 views

CVE-2026-32122

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the Claim File Tracker feature exposes an AJAX endpoint that returns billing claim metadata (claim IDs, payer info, transmission logs). The endpoint does not enforce the same A...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/03/11 12:0 a.m., 6 views

OpenEMR Security Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained security...

CVSS 4.3 | AI score 5.8 | EPSS 0.00229
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-7117

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 7.4 | EPSS 0.00469
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2025-6873

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.9 | EPSS 0.00525
Exploits 1 | References 3
RedhatCVE
added 2025/03/22 12:16 p.m., 6 views

CVE-2024-10275

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

CVSS 7.3 | AI score 7 | EPSS 0.00469
Exploits 1 | References 1
RedhatCVE
added 2025/03/22 11:50 a.m., 11 views

CVE-2024-9098

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...

CVSS 7.3 | AI score 7.1 | EPSS 0.00525
Exploits 1 | References 1
NVD
added 2025/03/20 10:15 a.m., 10 views

CVE-2024-9098

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...

CVSS 7.3 | EPSS 0.00525
Exploits 1 | References 2
OSV
added 2025/03/20 10:15 a.m., 11 views

CVE-2024-9098

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...

CVSS 6.1 | AI score 7.3 | EPSS 0.00525
Exploits 1 | References 2
OSV
added 2025/03/20 10:15 a.m., 4 views

CVE-2024-10275

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

CVSS 7.3 | AI score 7.2 | EPSS 0.00469
Exploits 1 | References 2
Cvelist
added 2025/03/20 10:9 a.m., 18 views

CVE-2024-9098 Privilege Escalation in lunary-ai/lunary

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...

CVSS 7.3 | EPSS 0.00525
Exploits 1 | References 2
Vulnrichment
added 2025/03/20 10:9 a.m., 11 views

CVE-2024-9098 Privilege Escalation in lunary-ai/lunary

In lunary-ai/lunary before version 1.4.30, a privilege escalation vulnerability exists where admins can invite new members with billing permissions, thereby gaining unauthorized access to billing resources. This issue arises because the user creation endpoint does not restrict admins from invitin...

CVSS 7.3 | AI score 7.3 | EPSS 0.00525
Exploits 1 | References 2
CVE
added 2025/03/20 10:9 a.m., 54 views

CVE-2024-9098

CVE-2024-9098 affects lunary-ai/lunary prior to version 1.4.30. The root cause is a user-creation endpoint that allows admins to invite users with billing roles, bypassing access controls and enabling privilege escalation to billing resources. Documented impact is unauthorized access to billing r...

CVSS 7.3 | AI score 7.3 | EPSS 0.00525
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2025/03/20 10:9 a.m., 7 views

CVE-2024-10275 Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

CVSS 7.3 | EPSS 0.00469
Exploits 1 | References 2
Vulnrichment
added 2025/03/20 10:9 a.m., 7 views

CVE-2024-10275 Improper Role Modification by Admins for Billing Permissions in lunary-ai/lunary

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

CVSS 7.3 | AI score 7.3 | EPSS 0.00469
Exploits 1 | References 2
Huntr
added 2024/10/19 9:6 a.m., 5 views

Improper Role Modification by Admins for Billing Permissions

Description: Admins, who do not have direct permissions to access billing resources, are able to change the permissions of existing users to have billing permissions. This can lead to a privilege escalation scenario where an administrator can: 1. Change the role of an existing user to include...

CVSS 7.3 | AI score 7.7 | EPSS 0.00469
Exploits 1