
7 matches found

RedhatCVE
added 2026/06/05 7:13 p.m. | 6 views

CVE-2026-40075

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVSS 8.2 | AI score 7.8 | EPSS 0.00558
Exploits: 1 | References: 1
Veracode
added 2026/05/16 5:32 a.m. | 18 views

Path Traversal

org.openmrs.web, openmrs-web is vulnerable to Path Traversal. The vulnerability is due to improper path boundary validation in the /openmrs/moduleResources/moduleid endpoint, where user-controlled input is concatenated into filesystem paths without normalization or restriction checks, which allow...

CVSS 8.2 | AI score 7.4 | EPSS 0.00558
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2026/05/05 9:25 p.m. | 18 views

CVE-2026-40075

OpenMRS Core <2.8.6 and 2.8.0–2.8.5 exposes a path traversal in ModuleResourcesServlet (/openmrs/moduleResources/{moduleid}) due to unsafe path construction without normalization, allowing unauthenticated reading of arbitrary files (e.g., /etc/passwd). Tomcat

CVSS 8.2 | AI score 6 | EPSS 0.00558
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/05/05 9:25 p.m. | 3 views

CVE-2026-40075

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVSS 8.2 | AI score 6 | EPSS 0.00558
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/05 9:25 p.m. | 4 views

CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVSS 8.2 | AI score 6 | EPSS 0.00558
Exploits: 1 | References: 1
Github Security Blog
added 2026/05/04 5:18 p.m. | 17 views

OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read

Affected Versions: version ≤ 2.7.8, latest version at time of disclosure. https://github.com/openmrs/openmrs-core Impact: The /openmrs/moduleResources/moduleid endpoint in OpenMRS Core is vulnerable to a path traversal attack. The ModuleResourcesServlet does not properly validate user-supplied path...

CVSS 8.2 | AI score 6 | EPSS 0.00558
Exploits: 1 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/05/04 12:0 a.m. | 9 views

PT-2026-37100

Name of the Vulnerable Software and Affected Versions: OpenMRS Core versions prior to 2.7.9; OpenMRS Core versions 2.8.0 through 2.8.5. Description: The '/openmrs/moduleResources/moduleid' endpoint is susceptible to a path traversal attack. This occurs because the ModuleResourcesServlet uses the...

CVSS 8.2 | AI score 5.9 | EPSS 0.00558
Exploits: 1 | References: 7