Open-emr

Openemr

218 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-25929

Exploit
  • EPSS 0.26%
  • Veröffentlicht 25.02.2026 18:46:44
  • Zuletzt bearbeitet 27.02.2026 14:39:26

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient’s photo by document ID or patient ID without verif...

7.1

CVE-2026-25927

Exploit
  • EPSS 0.2%
  • Veröffentlicht 25.02.2026 18:43:25
  • Zuletzt bearbeitet 27.02.2026 14:40:46

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the ...

8.8

CVE-2026-25746

Exploit
  • EPSS 3.1%
  • Veröffentlicht 25.02.2026 18:39:24
  • Zuletzt bearbeitet 27.02.2026 14:40:01

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability...

4.8

CVE-2026-25743

Exploit
  • EPSS 0.17%
  • Veröffentlicht 25.02.2026 18:33:56
  • Zuletzt bearbeitet 27.02.2026 14:40:33

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the fo...

7.5

CVE-2026-25476

Exploit
  • EPSS 0.31%
  • Veröffentlicht 25.02.2026 18:28:29
  • Zuletzt bearbeitet 28.02.2026 00:42:46

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request....

6.5

CVE-2026-25220

Exploit
  • EPSS 0.26%
  • Veröffentlicht 25.02.2026 18:25:06
  • Zuletzt bearbeitet 27.02.2026 14:41:14

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all inter...

8.1

CVE-2026-25164

Exploit
  • EPSS 0.26%
  • Veröffentlicht 25.02.2026 18:22:40
  • Zuletzt bearbeitet 27.02.2026 14:41:30

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_...

6.5

CVE-2026-24908

Medienbericht Exploit
  • EPSS 0.49%
  • Veröffentlicht 25.02.2026 18:14:03
  • Zuletzt bearbeitet 27.02.2026 14:42:29

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arb...

6.5

CVE-2026-24890

Exploit
  • EPSS 0.24%
  • Veröffentlicht 25.02.2026 18:10:22
  • Zuletzt bearbeitet 27.02.2026 14:43:28

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to uploa...

6.5

CVE-2026-24487

Medienbericht Exploit
  • EPSS 0.27%
  • Veröffentlicht 25.02.2026 17:45:24
  • Zuletzt bearbeitet 27.02.2026 14:44:15

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access ...