280 matches found
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
CVE-2026-32126
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2026-32126
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
EUVD-2026-11399
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2026-32126
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2026-32126 OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2026-32126 OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2026-32126 OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
CVE-2026-32126
OpenEMR prior to version 8.0.0.1 contains an inverted boolean condition in ControllerRouter::route() that enforces the admin/super ACL check only for controllers with their own internal authorization (e.g., review, log). As a result, all other CDR controllers (alerts, ajax, edit, add, detail, bro...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained security...
PT-2026-24847
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...
What Is Exposure Management? A Modern Guide
Attackers don't just look for a single high-severity vulnerability; they look for a path of least resistance. They connect the dots between a misconfigured cloud service, an exposed credential, and an unpatched server to reach their goal. To build a strong defense, you need to see your environmen...
Does the UK really want to ban VPNs? And can it be done?
The idea of a "Great British Firewall" makes for a catchy headline, but it would be riddled with holes and cause huge problems. The Guardian reports that the GCHQ Government Communications Headquarters, a UK intelligence, security, and cyber agency, is exploring the idea of a British firewall...
CVE-2026-27839
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
CVE-2026-27839
wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three nutritionalvalues action endpoints fetch objects via Model.objects.getpk=pk — a raw ORM call that bypasses the user-scoped queryset. Any authenticated user can read another user's private nutrition...
Metadata Exposes Authors of ICE’s ‘Mega’ Detention Center Plans
Comments and other data left on a PDF detailing Homeland Security’s proposal to build “mega” detention and processing centers reveal the personnel involved in its creation...
Betterment data breach might be worse than we thought
Betterment LLC is an investment advisor registered with US Securities and Exchange Commission SEC. The company disclosed a January 2026 incident in which an attacker used social engineering to access a third‑party platform used for customer communications, then abused it to send crypto‑themed...
Poland Energy Sector Cyber Incident Highlights OT and ICS Security Gaps
The purpose of this Alert is to amplify Poland’s Computer Emergency Response Team CERT Polska’s Energy Sector Incident Report published on Jan. 30, 2026, and highlight key mitigations for Energy Sector stakeholders. In December 2025, a malicious cyber actors targeted and compromised operational...
EUVD-2025-206414
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and Care Plan, where an encounter has...