| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33346 | OpenEMR has stored XSS in portal_payment.php via Unescaped table_args | openemr | openemr | High | 8.7 | 2026-03-19 20:33:10 | Deep Dive |
| CVE-2026-33305 | OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor | openemr | openemr | Medium | 5.4 | 2026-03-19 20:30:57 | Deep Dive |
| CVE-2026-33304 | OpenEMR has Authorization Bypass in Dated Reminders Log | openemr | openemr | Medium | 6.5 | 2026-03-19 20:27:01 | Deep Dive |
| CVE-2026-33303 | OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View | openemr | openemr | Medium | 5.4 | 2026-03-19 20:25:06 | Deep Dive |
| CVE-2026-33302 | OpenEMR: zhAclCheck Ignores Explicit ACL Denies | openemr | openemr | Medium | - | 2026-03-19 20:23:17 | Deep Dive |
| CVE-2026-33321 | OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) | openemr | openemr | Medium | - | 2026-03-19 20:20:37 | Deep Dive |
| CVE-2026-33301 | OpenEMR has arbitrary image file read via PDF generator | openemr | openemr | Medium | - | 2026-03-19 20:10:43 | Deep Dive |
| CVE-2026-33299 | OpenEMR has Stored XSS in patient encounter Eye Exam form answers | openemr | openemr | Medium | - | 2026-03-19 20:07:59 | Deep Dive |
| CVE-2026-32119 | OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page | openemr | openemr | Medium | 4.4 | 2026-03-19 19:41:48 | Deep Dive |
| CVE-2026-32238 | OpenEMR has Remote Code Execution in backup functionality | openemr | openemr | Critical | 9.1 | 2026-03-19 19:30:54 | Deep Dive |
| CVE-2026-25928 | OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders | openemr | openemr | Medium | 6.5 | 2026-03-19 19:27:17 | Deep Dive |
| CVE-2026-25744 | OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals | openemr | openemr | Medium | 6.5 | 2026-03-19 19:25:56 | Deep Dive |
| CVE-2026-25745 | OpenEMR's Message Update Ignores Patient id | openemr | openemr | Medium | 6.5 | 2026-03-18 20:30:31 | Deep Dive |
| CVE-2026-32127 | SQL Injection Vulnerability in ajax graphs library (OpenEMR) | openemr | openemr | High | 8.8 | 2026-03-11 20:53:10 | Deep Dive |
| CVE-2026-32126 | OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans | openemr | openemr | High | 7.1 | 2026-03-11 20:52:16 | Deep Dive |
| CVE-2026-32125 | OpenEMR: Stored XSS in Track Anything Graphs via Unescaped Dygraph Titles/Labels | openemr | openemr | Medium | 5.4 | 2026-03-11 20:51:32 | Deep Dive |
| CVE-2026-32124 | OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS) | openemr | openemr | Medium | 5.4 | 2026-03-11 20:50:41 | Deep Dive |
| CVE-2026-32123 | OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced | openemr | openemr | High | 7.7 | 2026-03-11 20:49:39 | Deep Dive |
| CVE-2026-32122 | OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2) | openemr | openemr | Medium | 4.3 | 2026-03-11 20:48:27 | Deep Dive |
| CVE-2026-32121 | OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal | openemr | openemr | High | 7.7 | 2026-03-11 20:47:32 | Deep Dive |