17 matches found
CVE-2026-33301
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
CVE-2026-32119
CVE-2026-32119 affects OpenEMR up to version 8.0.0.1 (fixed in 8.0.0.2). The issue is a DOM-based stored XSS in the jQuery SearchHighlight plugin (library/js/SearchHighlight.js) where an authenticated user with encounter form write access can inject arbitrary JavaScript that executes in another c...
CVE-2026-32119
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...
EUVD-2026-11393
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults formencounter for sensitivity, while group encounters store sensitivity in...
CVE-2026-25930
OpenEMR before version 8.0.0 is affected by a vulnerability in the Layout-Based Form (LBF) printable view: the request can supply formid and visitid/patientid without verifying that the form belongs to the authenticated user’s patient/encounter. An authenticated user with LBF access can enumerate...
CVE-2025-11671
creationtimestamp | type | source
---|---|---
2025-10-13 08:13:42+00:00 | seen | Telegram/424jmxFnmD3-QZBx3TYLc8blE71ZYgdkUCSrnxvFWI4FCEo...
EUVD-2018-7029
Malware in sbrugna...
Malicious code in encounter-playground (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e60b1e5e20cf97dc1520f1bc748ccea5054513b4d6cef4117655810541013d7c Any computer that has this package installed or running should be considered fully compromised. All...
MAL-2025-47312 Malicious code in encounter-playground (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e60b1e5e20cf97dc1520f1bc748ccea5054513b4d6cef4117655810541013d7c Any computer that has this package installed or running should be considered fully compromised. All...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
CVE-2025-4005
creationtimestamp | type | source
---|---|---
2025-04-28 07:11:43+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/13661
2025-04-28 07:13:24+00:00 | seen | https://bsky.app/profile/potato.software/post/3lnu7pr677c2b
2025-04-28 09:41:00+00:00 | seen | ...
afETH.withdrawTime() still returns an invalid withdrawTime.
See the markdown file with the details of this report here.
BitDam Study Exposes High Miss Rates of Leading Email Security Systems
Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt t...
OpenEMR SQL Injection Vulnerability (CNVD-2018-17196)
OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A SQL injection vulnerability exists in the...
openEMR 4.2.0 Cross Site Scripting / SQL Injection
Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Advisory ID: SROEADV-2015-08 Author: Steffen Rösemann Affected Software: openEMR v.4.2.0 Release-date: 28th Dec 2014 Vendor URL: http://www.open-emr.org Vendor Status: patched CVE-ID: to be assigned after releas...
Directory traversal
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/printform.php; or (2) loadform.php, (3) viewform.php, or (4) trendform.php in interface/patientfile/encounter...
CVE-2012-0991
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/printform.php; or (2) loadform.php, (3) viewform.php, or (4) trendform.php in interface/patientfile/encounter...