
60485 matches found

Cvelist
added 2026/03/19 7:41 p.m. | 21 views

CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVSS 4.4 | EPSS 0.00156
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/19 7:41 p.m. | 3 views

CVE-2026-32119

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...

CVSS 4.4 | AI score 5.9 | EPSS 0.00156
Exploits: 1 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/03/19 7:27 p.m. | 3 views

CVE-2026-25928

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVSS 6.5 | AI score 6.5 | EPSS 0.00549
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/03/19 7:27 p.m. | 2 views

CVE-2026-25928 OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVSS 6.5 | AI score 6.6 | EPSS 0.00549
Exploits: 1 | References: 2
OSV
added 2026/03/19 7:27 p.m. | 5 views

CVE-2026-25928 OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVSS 6.5 | AI score 6.5 | EPSS 0.00549
Exploits: 1 | References: 4
CVE
added 2026/03/19 7:27 p.m. | 23 views

CVE-2026-25928

OpenEMR (product) has a path traversal vulnerability in the DICOM zip/export feature prior to version 8.0.0.2. The feature uses a user-supplied destination/path without sanitizing ../ sequences, enabling an attacker with DICOM upload/export permission to write files outside the intended directory...

CVSS 6.5 | AI score 6.5 | EPSS 0.00549
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/03/19 7:27 p.m. | 5 views

EUVD-2026-13154

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVSS 6.5 | AI score 6.5 | EPSS 0.00549
Exploits: 1 | References: 2
Cvelist
added 2026/03/19 7:27 p.m. | 15 views

CVE-2026-25928 OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path component when creating the zip file, without sanitizing path traversal sequences e.g. ../. An attacker...

CVSS 6.5 | EPSS 0.00549
Exploits: 1 | References: 2
OSV
added 2026/03/19 6:31 p.m. | 2 views

GHSA-CXQH-P2W9-FMR7 PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exists in the embedded get function in 'main.py' in PyMuPDF version 1.26.5...

CVSS 6.9 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 5
EUVD
added 2026/03/19 6:31 p.m. | 5 views

EUVD-2026-13117

A path traversal and arbitrary file write vulnerability exists in the embedded get function in 'main.py' in PyMuPDF version 1.26.5...

AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 4
Snyk
added 2026/03/19 6:31 p.m. | 4 views

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the remotewrite HTTP handler (not enabled by default). An attacker can cause excessive memory allocation by sending specially crafted HTTP requests, potentially leading to service disruption...

CVSS 6.9 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2
Snyk
added 2026/03/19 6:31 p.m. | 2 views

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the remotewrite HTTP handler (not enabled by default). An attacker can cause excessive memory allocation by sending specially crafted HTTP requests, potentially leading to service disruption...

CVSS 6.9 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2
EUVD
added 2026/03/19 6:31 p.m. | 3 views

EUVD-2026-13139

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remotewrite HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...

CVSS 5.7 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2
OSV
added 2026/03/19 6:31 p.m. | 3 views

GHSA-5VRW-QJXW-89R5 Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remotewrite HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...

CVSS 5.7 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/19 6:31 p.m. | 8 views

Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remotewrite HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...

CVSS 5.7 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/03/19 6:31 p.m. | 9 views

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exists in the embedded get function in 'main.py' in PyMuPDF version 1.26.5...

CVSS 8.2 | AI score 5.9 | EPSS 0.00354
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/03/19 5:46 p.m. | 7 views

GHSA-G2J9-7RJ2-GM6C Langflow has an Arbitrary File Write (RCE) via v2 API

Summary: While reviewing the recent patch for CVE-2025-68478 (External Control of File Name) in v1.7.1, I discovered that the root architectural issue within LocalStorageService remains unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on...

CVSS 9.9 | AI score 6 | EPSS 0.01417
Exploits: 1 | References: 4
Github Security Blog
added 2026/03/19 5:46 p.m. | 10 views

Langflow has an Arbitrary File Write (RCE) via v2 API

Summary: While reviewing the recent patch for CVE-2025-68478 (External Control of File Name) in v1.7.1, I discovered that the root architectural issue within LocalStorageService remains unresolved. Because the underlying storage layer lacks boundary containment checks, the system relies entirely on...

CVSS 9.9 | AI score 6 | EPSS 0.01417
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/19 5:5 p.m. | 17 views

CVE-2026-26931 Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remotewrite HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...

CVSS 5.7 | EPSS 0.00179
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/19 5:5 p.m. | 2 views

CVE-2026-26931

Memory Allocation with Excessive Size Value (CWE-789) in the Prometheus remotewrite HTTP handler in Metricbeat can lead to Denial of Service via Excessive Allocation (CAPEC-130)...

CVSS 5.7 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 2 | Affected Software: 1