18 matches found
CVE-2026-33909
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-33909
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-33909
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
EUVD-2026-16014
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-33909 OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-33909
OpenEMR prior to v8.0.0.3 is vulnerable to SQL injection in the MedEx recall/reminder processing code, where several variables are concatenated directly into SQL queries without parameterization or type casting. The issue affects components used for recall/reminder processing; CVE-2026-33909 is m...
CVE-2026-33909 OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-33909 OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...
CVE-2026-24898
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
CVE-2026-24898
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
EUVD-2026-9328
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
CVE-2026-24898
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...
CVE-2026-24898
OpenEMR before version 8.0.0 contains an unauthenticated disclosure in the MedEx callback endpoint. The endpoint bypasses authentication ($ignoreAuth = true) and returns the full JSON response, including MedEx API tokens, when a callback_key is posted. This enables unauthenticated visitors to obt...
PT-2026-22835
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw in the MedEx callback endpoint allows unauthenticated access to the practice's MedEx API tokens. This can...
OpenEMR 授权问题漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained vulnerabilities...