40 matches found

RedhatCVE
added 2 days ago · 5 views

CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVSS 8.7 · AI score 5.5 · EPSS 0.0004
Exploits: 1 · References: 1

NVD
added 3 days ago · 10 views

CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVSS 8.7 · EPSS 0.0004
Exploits: 1 · References: 1

EUVD
added 4 days ago · 5 views

EUVD-2026-35869

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVSS 7.7 · AI score 5.5 · EPSS 0.0004
Exploits: 1 · References: 1

Cvelist
added 4 days ago · 30 views

CVE-2026-46518 OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVSS 7.7 · EPSS 0.0004
Exploits: 1 · References: 1

CVE
added 4 days ago · 8 views

CVE-2026-46518

OpenEMR vulnerability CVE-2026-46518: a stored XSS in the prescription CSS/HTML multi-print feature affects OpenEMR prior to version 8.0.0.1. A patient portal user can inject attacker-controlled HTML into patient_data via PUT /api/patient/:num and trigger JavaScript execution in a clinician’s bro...

CVSS 8.7 · AI score 5.5 · EPSS 0.0004
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 4 days ago · 5 views

PT-2026-48297

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

CVSS 7.7 · AI score 5.5 · EPSS 0.0004
Exploits: 1 · References: 2

CVE
added 2026/02/25 1:18 a.m. · 9 views

CVE-2025-69231

CVE-2025-69231 affects OpenEMR prior to version 8.0.0. A stored cross-site scripting vulnerability exists in the GAD-7 anxiety assessment form that allows authenticated users with clinician privileges to inject JavaScript executed when other users view the form, enabling session hijacking, accoun...

CVSS 8.7 · AI score 5.1 · EPSS 0.00047
Exploits: 1 · References: 2 · Affected Software: 1

ATTACKERKB
added 2026/02/25 1:18 a.m. · 1 view

CVE-2025-69231

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript tha...

CVSS 8.7 · AI score 5.1 · EPSS 0.00047
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2026/02/25 1:18 a.m. · 4 views

CVE-2025-69231 OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety assessment form allows authenticated users with clinician privileges to inject malicious JavaScript tha...

CVSS 8.7 · AI score 5.3 · EPSS 0.00047
Exploits: 1 · References: 4

CNNVD
added 2026/02/25 12:0 a.m. · 4 views

OpenEMR Cross-Site Scripting Vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained a cross-site...

CVSS 8.7 · AI score 5.6 · EPSS 0.00047
Exploits: 1 · References: 2

RedhatCVE
added 2026/01/09 9:22 a.m. · 7 views

CVE-2018-10631

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

CVSS 6.8 · AI score 6.4 · EPSS 0.00152
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-43156

Malicious code in bioql PyPI...

CVSS 9.3 · AI score 6.6 · EPSS 0.00089
Exploits: 0 · References: 1

NVD
added 2024/11/14 10:15 p.m. · 16 views

CVE-2024-48971

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVSS 9.3 · EPSS 0.00089
Exploits: 0 · References: 1

NVD
added 2024/11/14 9:15 p.m. · 10 views

CVE-2024-9832

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...

CVSS 9.3 · EPSS 0.00089
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/14 9:13 p.m. · 13 views

CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVSS 9.3 · AI score 7.2 · EPSS 0.00089
Exploits: 0 · References: 1

CVE
added 2024/11/14 9:13 p.m. · 45 views

CVE-2024-48971

The CVE-2024-48971 issue affects Baxter Life2000 Ventilation System where the Clinician Password and Serial Number Clinician Password are hard-coded in plaintext on the device, enabling an attacker to obtain credentials and gain unauthorized access with clinician privileges. Root cause cited incl...

CVSS 9.3 · AI score 9.4 · EPSS 0.00089
Exploits: 0 · References: 1

Cvelist
added 2024/11/14 9:13 p.m. · 18 views

CVE-2024-48971 Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator

The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges...

CVSS 9.3 · EPSS 0.00089
Exploits: 0 · References: 1

Vulnrichment
added 2024/11/14 9:3 p.m. · 11 views

CVE-2024-9832 No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...

CVSS 9.3 · AI score 6.8 · EPSS 0.00089
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-33306 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator, affected versions not specified. Description: The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator a...

CVSS 9.3 · AI score 6.8 · EPSS 0.00089
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-39873 · Unknown · Ventilator

Name of the Vulnerable Software and Affected Versions: Ventilator, affected versions not specified. Description: The issue allows for an unlimited number of failed login attempts with the Clinician Password or the Serial Number Clinician Password. This enables an attacker to perform a brute-force...

CVSS 9.3 · AI score 6.5 · EPSS 0.00089
Exploits: 0 · References: 5