CVE-2026-25744

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

CVE-2026-25744 OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

CVE-2026-25744

OpenEMR prior to 8.0.0.2 exposes a vulnerability in the encounter vitals API: it accepts an id in the request body and updates that vital without verifying ownership of the patient/encounter. An authenticated user with encounters/notes permission can overwrite another patient’s vitals, enabling m...

PT-2026-26330

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an id in the request body and treats it as an UPDATE. There is no verification that the vital belongs to the current patient or encounter. An...

openSUSE Security Update : openssl (openSUSE-SU-2014:0096-1)

Fixed bnc857640, openssl: TLS record tampering issue can lead to OpenSSL crash Add file: CVE-2013-4353.patch %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-63. The text...

openSUSE Security Update : openssl (openSUSE-SU-2014:0094-1)

Fixed bnc857640, openssl: TLS record tampering issue can lead to OpenSSL crash Add file: CVE-2013-4353.patch %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-62. The text...

FreeBSD : openssl -- multiple vulnerabilities (5aaa257e-772d-11e3-a65a-3c970e169bc2)

OpenSSL development team reports : Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014 : - Fix for TLS record tampering bug CVE-2013-4353 - Fix for TLS version checking bug CVE-2013-6449 - Fix for DTLS retransmission bug CVE-2013-6450 %NASLMINLEVEL 70300 C Tenable Network Security,...

openssl -- multiple vulnerabilities

OpenSSL development team reports: Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f 6 Jan 2014: Fix for TLS record tampering bug CVE-2013-4353 Fix for TLS version checking bug CVE-2013-6449 Fix for DTLS retransmission bug CVE-2013-6450...