2 matches found
CVE-2026-47740
Shopper: Authorization bypass vulnerability in a headless e-commerce Admin Panel. Before 2.8.0, multiple Filament actions on the admin Order detail and Order shipments tables could be invoked by an authenticated user with only read_orders or browse_orders permissions, without needing edit_orders....
CVE-2026-25146
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are at least two paths where the gatewayapikey secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary...