Lucene search
K

38427 matches found

CVE
CVE
added 2026/03/25 11:46 p.m.8 views

CVE-2026-34053

OpenEMR prior to version 8.0.0.3 has a missing authorization issue in the AJAX deletion endpoint at interface/forms/procedure_order/handle_deletions.php. This allows any authenticated user, regardless of role, to irreversibly delete procedure orders, answers, and specimens for any patient. Versio...

8.1CVSS5.8AI score0.00415EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:41 p.m.4 views

CVE-2026-33934

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in portal/sign/lib/show-signature.php that allows any authenticated patient portal user to retrieve the drawn signature image of an...

4.3CVSS6AI score0.00235EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:31 p.m.5 views

CVE-2026-33917

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...

8.8CVSS5.8AI score0.00445EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/25 11:17 p.m.6 views

CVE-2026-33912

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when submitted by a victim, executes arbitrary JavaScript in the victim's browser session. Version 8.0.0....

5.4CVSS0.00219EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 11:17 p.m.4 views

CVE-2026-33348

OpenEMR is a free and open source electronic health records and medical practice management application. Users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form are displayed on the encounter page and in the visit history for the users with...

8.7CVSS0.00296EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/25 10:52 p.m.3 views

CVE-2026-33913 OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can upload a crafted CCDA document containing to read arbitrary files from the server. Version 8.0.0....

7.7CVSS5.9AI score0.00294EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/25 10:41 p.m.5 views

EUVD-2026-16016

OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...

7.2CVSS5.8AI score0.00427EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 p.m.4 views

CVE-2026-32120

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference IDOR vulnerability in the fee sheet product save logic library/FeeSheet.class.php allows any authenticated user with fee sheet ACL...

6.5CVSS6AI score0.00254EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/25 7:40 p.m.5 views

PrestaShop: Improper Use of Validation Framework

Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/25 7:40 p.m.2 views

GHSA-283W-XF3Q-788V PrestaShop: Improper Use of Validation Framework

Impact Fix improper use of validation framework Patches Patched in 8.2.5 and 9.1.0 Workarounds None References none...

2CVSS5.8AI score0.00237EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15565

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Theme-one The Grid the-grid allows Stored XSS.This issue affects The Grid: from n/a through 2.8.0...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 6:6 p.m.21 views

CVE-2026-33720

n8n (open source workflow automation) has a vulnerability in pre-2.8.0 where setting N8N_SKIP_AUTH_ON_OAUTH_CALLBACK=true causes the OAuth callback to skip ownership verification of the OAuth state. An attacker can trick a victim into completing an OAuth flow for a credential the attacker control...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/25 5:30 p.m.3 views

GHSA-XQ7H-VWJP-5VRH @grackle-ai/powerline Runs Without Authentication by Default

Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...

6.3CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-32489

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

6.5CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.3 views

CVE-2026-25026

Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team: from n/a through = 5.0.11...

7.5CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-25002

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through = 4.0.0...

7.5CVSS0.00271EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 5:16 p.m.5 views

UBUNTU-CVE-2026-25645

Requests is a HTTP library. Prior to version 2.33.0, the requests.utils.extractzippedpaths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

5.5CVSS5.8AI score0.00182EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.6 views

SUSE CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucanreadbulkcallback, hanging the system. If the lengt...

4.6CVSS5.7AI score0.00123EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.6 views

SUSE CVE-2026-23306

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free in pm8001queuecommand Commit e29c47fe8946 "scsi: pm8001: Simplify pm8001taskexec" refactors pm8001queuecommand, however it introduces a potential cause of a double free scenario when it changes th...

6CVSS5.7AI score0.00126EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/03/25 4:55 p.m.4 views

SUSE CVE-2026-23356

In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbdalbeginiononblock Even though we check that we "should" be able to do lcgetcumulative while holding the device-allock spinlock, it may still fail, if some other code path decided to do lctrylock with...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
Rows per page
Query Builder