34308 matches found

CNNVD
added 2026/03/26 12:0 a.m., 5 views

OpenEMR security vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

6.5 CVSS, 5.8 AI score, 0.00351 EPSS
Exploits: 1, References: 3
CNNVD
added 2026/03/26 12:0 a.m., 11 views

WordPress plugin Masteriyo LMS security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8 CVSS, 5.8 AI score, 0.00353 EPSS
Exploits: 1, References: 3
CNNVD
added 2026/03/26 12:0 a.m., 7 views

WordPress plugin Amelia Booking security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8 CVSS, 7.5 AI score, 0.00382 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/03/26 12:0 a.m., 12 views

PT-2026-28198

Name of the Vulnerable Software and Affected Versions: Amelia Booking plugin for WordPress versions up to 9.1.2. Description: The Amelia Booking plugin for WordPress is susceptible to Insecure Direct Object References. The plugin allows user-controlled access to objects, potentially enabling a user ...

8.8 CVSS, 5.8 AI score, 0.00382 EPSS
Exploits: 0, References: 10
Positive Technologies
added 2026/03/26 12:0 a.m., 21 views

PT-2026-28182

Name of the Vulnerable Software and Affected Versions: Saloon versions prior to 4.0.0. Description: Saloon is a PHP library used for building API integrations and SDKs. The library used PHP's unserialize function in the AccessTokenAuthenticator::unserialize method, with allowed classes set to true, ...

9.8 CVSS, 6.4 AI score, 0.00622 EPSS
Exploits: 0, References: 8
CNVD
added 2026/03/26 12:0 a.m., 8 views

Unspecified Vulnerability in Google Chrome (CNVD-2026-15407)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security vulnerability that is due to an object lifecycle issue in PowerVR. An attacker can exploit the vulnerability to execute arbitrary code on the system...

8.8 CVSS, 7.7 AI score, 0.00377 EPSS
Exploits: 0
EUVD
added 2026/03/25 11:49 p.m., 6 views

EUVD-2026-16048

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1 CVSS, 5.9 AI score, 0.00274 EPSS
Exploits: 1, References: 3
CVE
added 2026/03/25 11:49 p.m., 9 views

CVE-2026-34055

OpenEMR contains an IDOR in the web UI: legacy patient notes updates/deletes in library/pnotes.inc.php use WHERE id = ? without verifying the note belongs to the user’s accessible patient. Multiple web UI callers pass user-controlled note IDs, enabling unauthorized access/modification. Affects ve...

8.1 CVSS, 5.9 AI score, 0.00267 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/03/25 11:49 p.m., 30 views

CVE-2026-34055 OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

8.1 CVSS, 0.00267 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/25 11:36 p.m., 3 views

CVE-2026-33931

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS, 5.8 AI score, 0.00351 EPSS
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2026/03/25 11:36 p.m., 16 views

CVE-2026-33931

Vulnerability summary (CVE-2026-33931): OpenEMR prior to version 8.0.0.3 contains an insecure direct object reference (IDOR) in the patient portal payment page. By manipulating the recid parameter in portal/portal_payment.php, any authenticated portal patient could access other patients’ payment...

6.5 CVSS, 5.8 AI score, 0.00351 EPSS
Exploits: 1, References: 3, Affected Software: 1
Vulnrichment
added 2026/03/25 11:36 p.m., 4 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS, 5.8 AI score, 0.00351 EPSS
Exploits: 1, References: 3
OSV
added 2026/03/25 11:36 p.m., 3 views

CVE-2026-33931 OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patient portal payment page allows any authenticated portal patient to access other patients' payment...

6.5 CVSS, 5.9 AI score, 0.00351 EPSS
Exploits: 1, References: 5
NVD
added 2026/03/25 11:17 p.m., 5 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS, 0.00254 EPSS
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/25 10:27 p.m., 4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS, 6 AI score, 0.00254 EPSS
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/03/25 10:27 p.m., 4 views

EUVD-2026-16010

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS, 6 AI score, 0.00254 EPSS
Exploits: 1, References: 3
OSV
added 2026/03/25 10:27 p.m., 3 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS, 6.1 AI score, 0.00254 EPSS
Exploits: 1, References: 5
OSV
added 2026/03/25 9:55 p.m., 6 views

GHSA-R64R-883R-WCWH AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment

Summary: The CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured (the default state), the key validation check is completely bypassed, allowin...

8.6 CVSS, 6 AI score, 0.00356 EPSS
Exploits: 1, References: 4
EUVD
added 2026/03/25 9:30 p.m., 6 views

EUVD-2026-15976

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation...

6.5 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 2
EUVD
added 2026/03/25 9:30 p.m., 5 views

EUVD-2025-209022

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR)...

5.7 CVSS, 5.8 AI score, 0.00327 EPSS
Exploits: 0, References: 2