43 matches found
CVE-2026-25744
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...
CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...
CVE-2026-25744
OpenEMR prior to 8.0.0.2 exposes a vulnerability in the encounter vitals API: it accepts an id in the request body and updates that vital without verifying ownership of the patient/encounter. An authenticated user with encounters/notes permission can overwrite another patient’s vitals, enabling m...
EUVD-2021-25736
Malware in sbrugna...
EUVD-2021-25735
Malware in sbrugna...
EUVD-2020-4353
Malware in sbrugna...
EUVD-2018-17208
Malware in sbrugna...
EUVD-2025-24620
Malicious code in bioql PyPI...
Danphe Health Hospital Management System EMR 安全漏洞
Danphe Health Hospital Management System EMR is a hospital management system from Danphe Health, Nepal. A security vulnerability exists in Danphe Health Hospital Management System EMR version 3.2, which stems from /Settings/SecuritySettingsController.cs not properly verifying permissions, which...
CVE-2021-39376
Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the CorCadF2/executaConsultaEspecifico IECORPOASSIST or CDUSUARIOCONVENIO parameter...
KiviCare Management System < 3.2.1 - Multiple CSRF
The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...
KiviCare Management System < 3.2.1 - Multiple CSRF
The plugin does not have CSRF checks either flawed or missing completely in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update...
Apperta Foundation OpenEyes 跨站脚本漏洞
Apperta Foundation OpenEyes is an open source electronic medical record ERP from the Apperta Foundation. A security vulnerability in Apperta Foundation OpenEyes 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter...
Design/Logic Flaw
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...
CVE-2022-23612
OpenMRS suffers a directory traversal vulnerability in the startup filter that can allow an attacker to exfiltrate arbitrary files accessible to the OpenMRS user. Affected OpenMRS Core versions are 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3; mitigations include updating to the latest patch version for ...
CVE-2022-23612 Directory Traversal in OpenMRS Startup Filter
OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for /images & /initfilter/scripts. This...
CVE-2021-39375
Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter...
CVE-2021-39376
Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the CorCadF2/executaConsultaEspecifico IECORPOASSIST or CDUSUARIOCONVENIO parameter...
CVE-2021-39375
Philips Healthcare Tasy Electronic Medical Record EMR 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter...
Post-Cyberattack, UVM Health Network Still Picking Up Pieces
More than a month after a cyberattack hit the University of Vermont UVM health network, the organization is still working to recover its systems. The UVM health network is a six-hospital, home-health and hospice system, which encompasses more than 1,000 physicians, 2,000 nurses and other clinicia...