CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/02/25 7:43 p.m.•1 views

CVE-2026-24487

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...

7.1CVSS0.00102EPSS

EUVD•added 2026/02/25 6:14 p.m.•2 views

EUVD-2026-8703

9.9CVSS6.1AI score0.00002EPSS

ATTACKERKB•added 2026/02/25 5:45 p.m.•1 views

CVE-2026-24487

7.1CVSS5.8AI score0.00102EPSS

Exploits1References3Affected Software1

EUVD•added 2026/02/25 5:39 p.m.•3 views

EUVD-2026-8700

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...

8.7CVSS6.6AI score0.0001EPSS

Cvelist•added 2026/02/25 5:39 p.m.•18 views

CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report

8.7CVSS0.0001EPSS

Positive Technologies•added 2026/02/25 12:0 a.m.•4 views

PT-2026-21974

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw exists in the Patient REST API endpoint where an authenticated user with API access can execute arbitrary S...

9.9CVSS5.8AI score0.00002EPSS

Exploits1References7

Positive Technologies•added 2026/02/25 12:0 a.m.•2 views

PT-2026-21971

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 8.0.0 Description OpenEMR is an electronic health records and medical practice management application. A flaw exists where patient-scoped FHIR tokens can access care team data for all patients instead of being limited...

7.1CVSS5.1AI score0.00102EPSS

Exploits1References6

Packet Storm News•added 2026/02/24 12:0 a.m.•2 views

Analysis of LLMs against Prompt Injection and Jailbreak Attacks

Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...

6AI score

RedhatCVE•added 2026/01/09 9:55 a.m.•6 views

CVE-2020-12032

Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI...

9.1CVSS6.5AI score0.0011EPSS

Exploits0References1

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178339

Malicious code in iota-report-phi-good-public npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-179057

Malicious code in error-error-authorize-phi-mock npm...

OSV•added 2025/11/13 3:23 a.m.•1 views

MAL-2025-189229 Malicious code in rho-alpha-phi-cluster-water (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6e7a4ef57dd54f76ac6aa11467b48f4f5cc687a1a46e1934d0b1dff8c2cf4f4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-176646

Malicious code in rho-alpha-phi-cluster-water npm...

EUVD•added 2025/11/13 3:23 a.m.•0 views

EUVD-2025-175401

Malicious code in zero-finally-new-easy-phi npm...