Open-emr

Openemr

175 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2026-25743

Exploit
  • EPSS 0.29%
  • Veröffentlicht 25.02.2026 18:33:56
  • Zuletzt bearbeitet 27.02.2026 14:40:33

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the fo...

7.5

CVE-2026-25476

Exploit
  • EPSS 0.12%
  • Veröffentlicht 25.02.2026 18:28:29
  • Zuletzt bearbeitet 28.02.2026 00:42:46

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request....

6.5

CVE-2026-25220

Exploit
  • EPSS 0.1%
  • Veröffentlicht 25.02.2026 18:25:06
  • Zuletzt bearbeitet 27.02.2026 14:41:14

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all inter...

8.1

CVE-2026-25164

Exploit
  • EPSS 0.1%
  • Veröffentlicht 25.02.2026 18:22:40
  • Zuletzt bearbeitet 27.02.2026 14:41:30

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_...

6.5

CVE-2026-24908

Exploit
  • EPSS 0%
  • Veröffentlicht 25.02.2026 18:14:03
  • Zuletzt bearbeitet 27.02.2026 14:42:29

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arb...

6.5

CVE-2026-24890

Exploit
  • EPSS 0.08%
  • Veröffentlicht 25.02.2026 18:10:22
  • Zuletzt bearbeitet 27.02.2026 14:43:28

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to uploa...

6.5

CVE-2026-24487

Exploit
  • EPSS 0.08%
  • Veröffentlicht 25.02.2026 17:45:24
  • Zuletzt bearbeitet 27.02.2026 14:44:15

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access ...

8.8

CVE-2026-23627

Exploit
  • EPSS 0.01%
  • Veröffentlicht 25.02.2026 17:39:20
  • Zuletzt bearbeitet 27.02.2026 14:51:47

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries,...

4.5

CVE-2026-25135

  • EPSS 0.13%
  • Veröffentlicht 25.02.2026 03:16:04
  • Zuletzt bearbeitet 25.02.2026 16:56:15

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and ...

8.8

CVE-2026-25131

Exploit
  • EPSS 0.04%
  • Veröffentlicht 25.02.2026 01:55:43
  • Zuletzt bearbeitet 25.02.2026 16:56:00

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users (...