EUVD-2018-21920

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frmpasswd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

CVE-2026-24896

OpenEMR prior to version 8.0.0 contains a Broken Access Control vulnerability in the edih_main.php endpoint. An authenticated user, including low-privilege roles (e.g., Receptionist), can access EDI log files by manipulating the log_select parameter in a GET request. The backend does not enforce ...

OpenEMR 访问控制错误漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Prior to OpenEMR 8.0.0, there was an access control...

CVE-2025-56451

Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint...