Lucene search

1754 matches found

EUVD
added 2026/03/25 11:23 p.m., 4 views

EUVD-2026-16030

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::request_authorization_check() call that every other data-modifying route in the standard API uses. This...

5.4 CVSS, 5.8 AI score, 0.00227 EPSS
Exploits 0, References 3

CVE
added 2026/03/25 11:23 p.m., 13 views

CVE-2026-33915

OpenEMR (open-source EHR/PM) has a vulnerability in versions prior to 8.0.0.3 where five insurance company REST API routes lack the RestConfig::request_authorization_check() check used by other data-modifying routes. This permits any authenticated API user to create or modify insurance company re...

5.4 CVSS, 5.8 AI score, 0.00227 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2026/03/25 11:17 p.m., 6 views

CVE-2026-33913

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7 CVSS, 0.00294 EPSS
Exploits 1, References 3

NVD
added 2026/03/25 11:17 p.m., 6 views

CVE-2026-33912

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4 CVSS, 0.00219 EPSS
Exploits 0, References 4

Vulnrichment
added 2026/03/25 10:52 p.m., 3 views

CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7 CVSS, 5.9 AI score, 0.00294 EPSS
Exploits 1, References 3

ATTACKERKB
added 2026/03/25 10:51 p.m., 2 views

CVE-2026-33912

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4 CVSS, 5.9 AI score, 0.00219 EPSS
Exploits 0, References 5, Affected Software 1

OSV
added 2026/03/25 10:27 p.m., 3 views

CVE-2026-32120 OpenEMR has IDOR in Fee Sheet Product Save

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS, 6.1 AI score, 0.00254 EPSS
Exploits 1, References 5

ATTACKERKB
added 2026/03/25 10:27 p.m., 4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee sheet product save logic (library/FeeSheet.class.php) allows any authenticated user with fee sheet ACL...

6.5 CVSS, 6 AI score, 0.00254 EPSS
Exploits 1, References 4, Affected Software 1

CVE
added 2026/03/25 10:24 p.m., 10 views

CVE-2026-29187

OpenEMR has an authenticated blind boolean-based SQL injection vulnerability in the Patient Search feature (/interface/new/new_search_popup.php) present before version 8.0.0.3. The flaw allows an attacker to influence SQL logic by manipulating HTTP parameter keys, enabling arbitrary SQL commands....

8.8 CVSS, 6.2 AI score, 0.00473 EPSS
Exploits 3, References 3, Affected Software 1

Vulnrichment
added 2026/03/25 4:14 p.m., 3 views

CVE-2026-23971 WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection. This issue affects WoodMart: from n/a through <= 8.3.8...

8.1 CVSS, 5.9 AI score, 0.00308 EPSS
Exploits 0, References 1

CVE
added 2026/03/25 4:14 p.m., 15 views

CVE-2026-23971

CVE-2026-23971 concerns a Deserialization of Untrusted Data vulnerability in the WordPress WoodMart theme (WoodMart) affecting versions from unknown up to and including 8.3.8. The underlying issue is PHP Object Injection via untrusted data deserialization, with a high impact profile (CVSS 3.1: 8....

8.1 CVSS, 5.8 AI score, 0.00308 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/03/25 12:0 a.m., 8 views

PT-2026-28156

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedure order/handle deletions.php allows any authenticated user, regardless of role, to...

7.1 CVSS, 5.8 AI score, 0.00415 EPSS
Exploits 1, References 4

Positive Technologies
added 2026/03/25 12:0 a.m., 6 views

PT-2026-27843

CVE-2026-23971 Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection. This issue affects WoodMart: from n/a through <= 8.3.8. https://t.co/0me4zW3qJ4...

5.9 AI score, 0.00308 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/03/25 12:0 a.m., 4 views

PT-2026-28152

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...

7.6 CVSS, 5.9 AI score, 0.00187 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/03/25 12:0 a.m., 6 views

PT-2026-28141

Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 8.0.0.3. Description: OpenEMR is an electronic health records and medical practice management application. Prior to version 8.0.0.3, the title POST parameter is reflected in a JSON response created using json_encode. Du...

5.4 CVSS, 6.1 AI score, 0.00228 EPSS
Exploits 0, References 5

Positive Technologies
added 2026/03/25 12:0 a.m., 10 views

PT-2026-27875

Name of the Vulnerable Software and Affected Versions: UpSolution Core versions through 8.41. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows for the execution of...

7.1 CVSS, 6.1 AI score, 0.0018 EPSS
Exploits 0, References 3

Cvelist
added 2026/03/24 6:18 p.m., 19 views

CVE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...

8.7 CVSS, 0.00452 EPSS
Exploits 0, References 5

RedHat Linux
added 2026/03/24 10:36 a.m., 7 views

mysql: Optimizer unspecified vulnerability (CPU Jan 2026)

Oracle CPU describes the issue as follows: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network...

6.5 CVSS, 6.9 AI score, 0.00257 EPSS
Exploits 0, References 5

EUVD
added 2026/03/24 12:30 a.m., 3 views

EUVD-2025-208954

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

9.3 CVSS, 5.8 AI score, 0.00405 EPSS
Exploits 0, References 5

Cvelist
added 2026/03/24 12:0 a.m., 23 views

CVE-2026-30661

iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters...

0.00205 EPSS
Exploits 1, References 1