Lucene search
K

43 matches found

NVD
NVD
added 2026/03/19 8:16 p.m.7 views

CVE-2026-25744

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

6.5CVSS0.00216EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 7:25 p.m.19 views

CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

6.5CVSS0.00216EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 7:25 p.m.13 views

CVE-2026-25744

OpenEMR prior to 8.0.0.2 exposes a vulnerability in the encounter vitals API: it accepts an id in the request body and updates that vital without verifying ownership of the patient/encounter. An authenticated user with encounters/notes permission can overwrite another patient’s vitals, enabling m...

6.5CVSS5.8AI score0.00216EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-25736

Malware in sbrugna...

8.8CVSS8.8AI score0.01285EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-25735

Malware in sbrugna...

8.8CVSS8.8AI score0.01285EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-4353

Malware in sbrugna...

7.5CVSS7.5AI score0.00483EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-17208

Malware in sbrugna...

6.3CVSS6.5AI score0.00452EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24620

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.4 views

Danphe Health Hospital Management System EMR 安全漏洞

Danphe Health Hospital Management System EMR is a hospital management system from Danphe Health, Nepal. A security vulnerability exists in Danphe Health Hospital Management System EMR version 3.2, which stems from /Settings/SecuritySettingsController.cs not properly verifying permissions, which...

9.8CVSS7AI score0.00372EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 p.m.6 views

CVE-2021-39376

Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the CorCadF2/executaConsultaEspecifico IECORPOASSIST or CDUSUARIOCONVENIO parameter...

8.8CVSS8AI score0.0125EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/06/05 12:0 a.m.14 views

KiviCare Management System < 3.2.1 - Multiple CSRF

The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...

8.8CVSS9AI score0.00389EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/06/05 12:0 a.m.282 views

KiviCare Management System < 3.2.1 - Multiple CSRF

The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...

8.8CVSS9.2AI score0.00389EPSS
Exploits2
CNNVD
CNNVD
added 2022/04/06 12:0 a.m.4 views

Apperta Foundation OpenEyes 跨站脚本漏洞

Apperta Foundation OpenEyes is an open source electronic medical record ERP from the Apperta Foundation. A security vulnerability in Apperta Foundation OpenEyes 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter...

5.4CVSS6AI score0.01218EPSS
Exploits1References3
Prion
Prion
added 2022/02/22 11:15 p.m.17 views

Design/Logic Flaw

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...

5CVSS7.6AI score0.01931EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/02/22 10:55 p.m.161 views

CVE-2022-23612

OpenMRS suffers a directory traversal vulnerability in the startup filter that can allow an attacker to exfiltrate arbitrary files accessible to the OpenMRS user. Affected OpenMRS Core versions are 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3; mitigations include updating to the latest patch version for ...

7.5CVSS7.6AI score0.01931EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/22 10:55 p.m.17 views

CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...

7.5CVSS7.6AI score0.01931EPSS
Exploits1References6
OSV
OSV
added 2021/08/24 1:15 p.m.3 views

CVE-2021-39375

Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter...

8.8CVSS7.6AI score0.01285EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2021/08/24 1:15 p.m.2 views

CVE-2021-39376

Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the CorCadF2/executaConsultaEspecifico IECORPOASSIST or CDUSUARIOCONVENIO parameter...

8.8CVSS7.4AI score0.01285EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2021/08/24 1:15 p.m.4 views

CVE-2021-39375

Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter...

8.8CVSS7.4AI score0.01285EPSS
Exploits2References3
ThreatPost
ThreatPost
added 2020/11/30 9:25 p.m.48 views

Post-Cyberattack, UVM Health Network Still Picking Up Pieces

More than a month after a cyberattack hit the University of Vermont UVM health network, the organization is still working to recover its systems. The UVM health network is a six-hospital, home-health and hospice system, which encompasses more than 1,000 physicians, 2,000 nurses and other clinicia...

0.3AI score
Exploits0References8
Rows per page
Query Builder