Lucene search
K

23 matches found

CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

epa4all-client 信任管理问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a vulnerability related to trust management. This vulnerability allowed attackers to present arbitrary TLS certificates on the network path and intercep...

8.1CVSS5.9AI score0.00138EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/15 6:29 p.m.15 views

epa4all-client: TLS Certificate Validation Disabled in Production

Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient identifiers KVNR, SMC-B card operations authentication, signing, document content, and credential...

8.1CVSS5.8AI score0.00138EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/04 7:31 p.m.7 views

GHSA-XJ4F-8JJG-VX4Q OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange

Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...

9.1CVSS6.4AI score0.00317EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/04 7:31 p.m.10 views

OpenMRS has Stored Velocity SSTI to RCE via ConceptReferenceRange

Impact The ConceptReferenceRangeUtility.evaluateCriteria method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default...

9.1CVSS6.4AI score0.00317EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

CDAC e-Sushrut 安全漏洞

CDAC e-Sushrut is a system platform provided by the Indian CDAC company that facilitates hospital information management and medical process support. There is a security vulnerability in CDAC e-Sushrut, which stems from improper access control during resource access verification. This vulnerabili...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.14 views

CVE-2019-25678 C4G BLIS 3.4 SQL Injection via users_select.php

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...

8.8CVSS0.00272EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.5 views

CVE-2026-2991

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...

9.8CVSS5.9AI score0.00434EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/18 3:28 p.m.9 views

CVE-2026-2991 KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...

7.3CVSS5.9AI score0.00434EPSS
Exploits1References4
CVE
CVE
added 2026/03/18 3:28 p.m.16 views

CVE-2026-2991

The CVE-2026-2991 affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin (

7.3CVSS5.9AI score0.00434EPSS
Exploits1References4
OSV
OSV
added 2026/03/03 10:10 p.m.6 views

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

10CVSS5.9AI score0.00555EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.7 views

CVE-2026-25147

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in portal/portalpayment.php, the patient id used for the page is taken from the request $pid = $REQUEST'pid' ?? $pid and $pid = $REQUEST'hiddenpatientcode' ?? null 0 ?...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:16 a.m.4 views

CVE-2026-25135

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...

4.5CVSS5.3AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 7:43 p.m.7 views

CVE-2026-25930

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form LBF printable view accepts formid and visitid or patientid from the request and does not verify that the form belongs to the current user’s...

6.5CVSS0.0026EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 5:45 p.m.21 views

CVE-2026-24487 OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...

7.1CVSS0.00266EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

8.1CVSS5.8AI score0.0026EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.9 views

CVE-2021-32101

The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect access control system in portal/patient/machineconfig.php. To exploit the vulnerability, an unauthenticated attacker can register an account, bypassing the permission check of this portal's API. Then, the attacker can then manipulat...

8.2CVSS6.8AI score0.01183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/30 6:17 p.m.11 views

CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS5.8AI score0.00763EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/30 6:17 p.m.21 views

CVE-2025-0683 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Contec Health CMS8000 Patient Monitor

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a...

8.2CVSS0.00763EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.4 views

OpenClinic GA Security Vulnerability

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A security vulnerability exists in OpenClinic GA version 5.247.01, which stems from allowing patient lists to be retrieved via a query...

9.1CVSS6.5AI score0.00917EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/01/02 8:41 a.m.302 views

Exploit for Cross-site Scripting in Phpgurukul Hospital_Management_System

CVE-2023-7173: Stored Cross-Site Scripting XSS in Hospital M...

7.5CVSS5.5AI score0.0146EPSS
Exploits4
Rows per page
Query Builder