Lucene search
+L

4 matches found

nvd
nvd
added 2026/03/19 9:17 p.m.5 views

CVE-2026-33305

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module oe-module-faxsms allows any authenticated OpenEMR user to invoke controller methods — including getNotificationLog, whic...

5.4CVSS0.00212EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/19 8:30 p.m.22 views

CVE-2026-33305 OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module oe-module-faxsms allows any authenticated OpenEMR user to invoke controller methods — including getNotificationLog, whic...

5.4CVSS0.00212EPSS
Exploits1References2
cve
cve
added 2026/03/19 8:30 p.m.16 views

CVE-2026-33305

OpenEMR (prior to 8.0.0.2) exposes an authorization bypass in the optional FaxSMS app: the AppDispatch constructor dispatches user-controlled actions, allowing any authenticated user to invoke controller methods (e.g., getNotificationLog) and access PHI without the required ACLs. The issue affect...

5.4CVSS5.9AI score0.00212EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/03/19 8:30 p.m.16 views

EUVD-2026-13227

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module oe-module-faxsms allows any authenticated OpenEMR user to invoke controller methods — including getNotificationLog, whic...

5.4CVSS5.9AI score0.00212EPSS
Exploits1References2
Rows per page
Query Builder