| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34056 | OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data | openemr | openemr | High | 7.7 | 2026-03-25 23:53:16 | Deep Dive |
| CVE-2026-34055 | OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification | openemr | openemr | High | 8.1 | 2026-03-25 23:49:06 | Deep Dive |
| CVE-2026-34053 | OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler | openemr | openemr | High | 7.1 | 2026-03-25 23:46:22 | Deep Dive |
| CVE-2026-34051 | OpenEMR has Improper ACL On Import/Export Popup | openemr | openemr | Medium | 5.4 | 2026-03-25 23:45:07 | Deep Dive |
| CVE-2026-33934 | OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures | openemr | openemr | Medium | 4.3 | 2026-03-25 23:41:52 | Deep Dive |
| CVE-2026-33933 | Reflected XSS via Unescaped contextName Parameter in Custom Template Editor | openemr | openemr | Medium | 6.1 | 2026-03-25 23:40:16 | Deep Dive |
| CVE-2026-33932 | OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes | openemr | openemr | High | 7.6 | 2026-03-25 23:37:58 | Deep Dive |
| CVE-2026-33931 | OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access | openemr | openemr | Medium | 6.5 | 2026-03-25 23:36:48 | Deep Dive |
| CVE-2026-33918 | OpenEMR Missing Authorization on Claim File Download Endpoint | openemr | openemr | High | 7.6 | 2026-03-25 23:35:07 | Deep Dive |
| CVE-2026-33917 | OpenEMR has SQL Injection in CAMOS Form | openemr | openemr | High | 8.8 | 2026-03-25 23:31:21 | Deep Dive |
| CVE-2026-33915 | OpenEMR Missing ACL Checks on Insurance Company API Routes | openemr | openemr | Medium | 5.4 | 2026-03-25 23:23:41 | Deep Dive |
| CVE-2026-33914 | OpenEMR has SQL Injection in PostCalendar Category Delete | openemr | openemr | High | 7.2 | 2026-03-25 23:13:16 | Deep Dive |
| CVE-2026-33913 | OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files | openemr | openemr | High | 7.7 | 2026-03-25 22:52:50 | Deep Dive |
| CVE-2026-33912 | OpenEMR has reflected XSS in ajax_download.php via reportID parameter | openemr | openemr | Medium | 5.4 | 2026-03-25 22:51:15 | Deep Dive |
| CVE-2026-33911 | OpenEMR vulnerable to reflected XSS in graphs.php via title parameter | openemr | openemr | Medium | 5.4 | 2026-03-25 22:44:13 | Deep Dive |
| CVE-2026-33910 | OpenEMR has a SQL Injection Vulnerability in patient selection | openemr | openemr | High | 7.2 | 2026-03-25 22:41:02 | Deep Dive |
| CVE-2026-33909 | OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing | openemr | openemr | Medium | 5.9 | 2026-03-25 22:35:29 | Deep Dive |
| CVE-2026-33348 | OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3 | openemr | openemr | High | 8.7 | 2026-03-25 22:30:37 | Deep Dive |
| CVE-2026-32120 | OpenEMR has IDOR in Fee Sheet Product Save | openemr | openemr | Medium | 6.5 | 2026-03-25 22:27:38 | Deep Dive |
| CVE-2026-29187 | OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php | openemr | openemr | High | 8.1 | 2026-03-25 22:24:24 | Deep Dive |