14 matches found

NVD
added 2026/04/01 4:17 a.m. · 3 views

CVE-2026-5253

A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...

CVSS 5.1 · EPSS 0.00011
Exploits 0 · References 4

CNNVD
added 2026/04/01 12:0 a.m. · 2 views

HotGo-V2 code injection vulnerability

HotGo-V2 is a secondary development framework developed by Meng Shuai as an individual project. Both the HotGo 1.0 and 2.0 versions contained code injection vulnerabilities. These vulnerabilities stemmed from incorrect operations on files located at...

CVSS 5.1 · AI score 5.7 · EPSS 0.00011
Exploits 0 · References 4

RedhatCVE
added 2026/02/26 4:16 a.m. · 1 views

CVE-2026-25124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · AI score 5.5 · EPSS 0.00047
Exploits 1 · References 1

NVD
added 2026/02/25 2:16 a.m. · 3 views

CVE-2026-25124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · EPSS 0.00047
Exploits 1 · References 2

CVE
added 2026/02/25 1:50 a.m. · 6 views

CVE-2026-25124

CVE-2026-25124: OpenEMR prior to version 8.0.0 contains an access control flaw in the message_list.php report export functionality. There is no permission check before executing sensitive database queries; only CSRF token verification exists, which does not prevent unauthorized data access if a ...

CVSS 6.5 · AI score 5.5 · EPSS 0.00047
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2026/02/25 1:50 a.m. · 16 views

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · EPSS 0.00047
Exploits 1 · References 2

OSV
added 2026/02/25 1:50 a.m. · 2 views

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · AI score 5.6 · EPSS 0.00047
Exploits 1 · References 4

Vulnrichment
added 2026/02/25 1:50 a.m. · 2 views

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · AI score 5.5 · EPSS 0.00047
Exploits 1 · References 2

ATTACKERKB
added 2026/02/25 1:50 a.m. · 1 views

CVE-2026-25124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · AI score 5.5 · EPSS 0.00047
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2026/02/25 12:0 a.m. · 1 views

PT-2026-21826

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

CVSS 6.5 · AI score 5.5 · EPSS 0.00047
Exploits 1 · References 3

CNNVD
added 2026/02/25 12:0 a.m. · 3 views

OpenEMR security vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

CVSS 6.5 · AI score 5.8 · EPSS 0.00047
Exploits 1 · References 2

ATTACKERKB
added 2024/02/28 9:15 a.m. · 2 views

CVE-2021-47049

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free...

CVSS 7.8 · AI score 6.4 · EPSS 0.00016
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2023/03/04 12:0 a.m. · 2 views

PT-2023-10159 · Codepeople · Codepeople Cp-Polls Plugin

Name of the Vulnerable Software and Affected Versions: codepeople cp-polls Plugin version 1.0.1 Description: A critical issue has been found in the codepeople cp-polls Plugin, affecting unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the lu argument leads to sql...

CVSS 9.8 · AI score 7.9 · EPSS 0.00815
Exploits 0 · References 9

CNNVD
added 2022/04/18 12:0 a.m. · 0 views

WordPress plugin Thank Me Later cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. WordPress plugin Thank Me Later 3.3.4 and previous versions have a cross-site scripting vulnerability that stems from the plugin's failure to clean up and escape message subject fields before they are exported to the message list,...

CVSS 4.8 · AI score 5.3 · EPSS 0.00225
Exploits 2 · References 3