CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

CVE-2026-33302 OpenEMR: zhAclCheck Ignores Explicit ACL Denies

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

CVE-2026-33302

OpenEMR prior to version 8.0.0.2 contains an ACL logic bug in the zhAclCheck function: it only checks for any allowed entry and does not enforce explicit denies (allowed=0). This means a user or group marked as deny can still gain access if they are in a group with an allowed entry. The issue can...

PT-2026-26344

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

PT-2024-25803 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43 Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...

CVE-2021-43858

MinIO is a Kubernetes native application for cloud storage. Prior to version RELEASE.2021-12-27T07-23-18Z, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version RELEASE.2021-12-27T07-23-18Z changes the...