Lucene search
K

1754 matches found

Cvelist
Cvelist
added 2026/03/27 12:0 a.m.19 views

CVE-2026-30689

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...

0.00417EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-33909

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are concatenated directly into SQL queries without parameterization or type casting, enabling SQL...

5.9CVSS6AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-4824

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 7:17 p.m.4 views

CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS0.00791EPSS
Exploits0References17
OSV
OSV
added 2026/03/26 7:17 p.m.5 views

UBUNTU-CVE-2026-4926

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.8AI score0.00791EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 6:59 p.m.2 views

CVE-2026-4926 path-to-regexp vulnerable to Denial of Service via sequential optional groups

Impact: A bad regular expression is generated any time you have multiple sequential optional groups curly brace syntax, such as abc:z. The generated regex grows exponentially with the number of groups, causing denial of service. Patches: Fixed in version 8.4.0. Workarounds: Limit the number of...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:4 p.m.3 views

CVE-2026-25401

Missing Authorization vulnerability in Arni Cinco WPCargo Track & Trace wpcargo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through = 8.0.2...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.5 views

CVE-2026-23971

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32423

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.6 views

CVE-2026-25928

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

6.5CVSS6.6AI score0.00549EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.4 views

CVE-2026-33304

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient...

6.5CVSS5.9AI score0.00312EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.8 views

CVE-2026-30941

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email...

8.7CVSS5.8AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-29102

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution RCE vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue...

8.8CVSS5.9AI score0.0049EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 11:53 p.m.5 views

CVE-2026-34056 OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References4
CVE
CVE
added 2026/03/25 11:46 p.m.8 views

CVE-2026-34053

OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...

8.1CVSS5.8AI score0.00415EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:41 p.m.4 views

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

4.3CVSS6AI score0.00235EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/25 11:41 p.m.3 views

CVE-2026-33934 OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

4.3CVSS6.1AI score0.00235EPSS
Exploits1References5
OSV
OSV
added 2026/03/25 11:40 p.m.3 views

CVE-2026-33933 Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting XSS vulnerability in the custom template editor allows an attacker to execute arbitrary JavaScript in...

6.1CVSS6AI score0.00271EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/25 11:31 p.m.10 views

CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:31 p.m.5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder