Lucene search
K

47674 matches found

CVE
CVE
added 2026/02/25 1:9 a.m.12 views

CVE-2025-67752

OpenEMR prior to version 7.0.4 disables SSL certificate verification in its HTTP client wrapper (oeHttp/oeHttpRequest) by default, setting verify: false. This creates a MITM risk for all HTTPS connections, including communications with government healthcare APIs and other external services, and c...

8.1CVSS5.5AI score0.00233EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/25 1:9 a.m.6 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS5.6AI score0.00233EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/25 1:9 a.m.22 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS0.00233EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 1:9 a.m.2 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS5.9AI score0.00233EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

ASUSTOR ADM 安全漏洞

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from 5.0.0 to 5.1.2.RE51 of ASUSTOR ADM. These vulnerabilities stem from the FTP backup feature not properly verifying TLS...

8.3CVSS5.8AI score0.00179EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.8 views

PT-2026-22001

Name of the Vulnerable Software and Affected Versions Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 Description Rucio is a software framework used for organizing, managing, and accessing large volumes of scientific data. A stored Cross-Site Scripting XSS issue exists in the Identity Name of...

6.1CVSS5.9AI score0.00287EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-21876

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.2.RE51 Description The FTP Backup feature does not properly validate TLS certificates when connecting to an FTP server using FTPES/FTPS. This improper...

8.3CVSS5.4AI score0.00179EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/25 12:0 a.m.10 views

Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module

Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

6.1CVSS5.5AI score0.00221EPSS
Exploits1References8Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

OpenEMR 信任管理问题漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Prior to OpenEMR 7.0.4, there was a vulnerability related to...

8.1CVSS5.8AI score0.00233EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-21816

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR’s HTTP client wrapper oeHttp/oeHttpRequest has a default setting that disables SSL/TLS certificate verification verify: false. This makes all external HTTPS connections susceptible to...

8.1CVSS5.9AI score0.00233EPSS
Exploits1References9
NVD
NVD
added 2026/02/24 10:16 p.m.7 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

7.5CVSS0.00396EPSS
Exploits1References2
CVE
CVE
added 2026/02/24 9:11 p.m.22 views

CVE-2026-25899

CVE-2026-25899 affects GoFiber (Fiber) v3 branch prior to 3.1.0. The issue arises from the use of the fiber_flash cookie, which can trigger unbounded memory allocation (up to ~85 GB) via unvalidated MsgPack deserialization. A crafted 10-character cookie causes the allocation, with no authenticati...

7.5CVSS5.3AI score0.00396EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/24 5:29 p.m.2 views

UBUNTU-CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

9.3CVSS5.8AI score0.00267EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/24 5:0 p.m.1 views

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements Element.runmethod, AgGrid.rungridmethod, EChart.runchartmethod, and others use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

6.1CVSS5.8AI score0.00163EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 4:24 p.m.4 views

CVE-2026-27520

Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can...

8.7CVSS0.00196EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 3:58 p.m.3 views

CVE-2025-13776 Hard-coded database credentials in Finka software

Multiple Finka programs use hard-coded Firebird database credentials shared across all instances of this software. A malicious attacker in local network who knows default credentials is able to read and edit database content. This vulnerability has been fixed in version: Finka-FK 18.5, Finka-KPR...

8.6CVSS5.4AI score0.0015EPSS
Exploits0References2
NVD
NVD
added 2026/02/24 3:21 p.m.9 views

CVE-2026-27568

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

6.1CVSS0.00229EPSS
Exploits0References3
NVD
NVD
added 2026/02/24 2:16 p.m.5 views

CVE-2026-2764

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS0.00469EPSS
Exploits0References34
Cvelist
Cvelist
added 2026/02/24 1:33 p.m.21 views

CVE-2026-2796 JIT miscompilation in the JavaScript: WebAssembly component

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

0.00625EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2026/02/24 1:33 p.m.4 views

CVE-2026-2796

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

9.8CVSS8.8AI score0.00625EPSS
Exploits2
Rows per page
Query Builder