| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-32118 | OpenEMR has Stored XSS in Graphical Pain Map legend via unescaped annotation text | openemr | openemr | Medium | 5.4 | 2026-03-11 20:46:19 |
| CVE-2026-24898 | OpenEMR has an Unauthenticated MedEx Token Disclosure | openemr | openemr | Critical | 10.0 | 2026-03-03 22:10:30 |
| CVE-2026-25146 | OpenEMR's payments gateway_api_key secret rendered into client JS code | openemr | openemr | Critical | 9.6 | 2026-03-03 22:08:23 |
| CVE-2026-24848 | OpenEMR Arbitrary File Write leading to Remote Code Execution | openemr | openemr | - | - | 2026-03-03 22:04:03 |
| CVE-2026-25147 | OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid | openemr | openemr | High | 7.1 | 2026-02-27 16:44:41 |
| CVE-2026-24488 | OpenEMR Vulnerable to Arbitrary File Exfiltration via Fax Endpoint | openemr | openemr | Medium | 6.5 | 2026-02-27 16:41:46 |
| CVE-2026-27943 | OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership | openemr | openemr | Medium | 6.5 | 2026-02-26 01:30:31 |
| CVE-2026-25930 | OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms | openemr | openemr | Medium | 6.5 | 2026-02-25 18:48:10 |
| CVE-2026-25929 | OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval | openemr | openemr | Medium | 6.5 | 2026-02-25 18:46:45 |
| CVE-2026-25927 | OpenEMR Missing Authorization Checks in DICOM Viewer State API | openemr | openemr | High | 7.1 | 2026-02-25 18:43:26 |
| CVE-2026-25746 | OpenEMR has SQL Injection Vulnerability | openemr | openemr | High | 8.8 | 2026-02-25 18:39:25 |
| CVE-2026-25743 | OpenEMR has Stored XSS in Questionnaire answers | openemr | openemr | - | - | 2026-02-25 18:33:57 |
| CVE-2026-25476 | OpenEMR has Session Timeout Bypass via skip_timeout_reset | openemr | openemr | High | 7.5 | 2026-02-25 18:28:30 |
| CVE-2026-25220 | OpenEMR Messages "Show All" Not Restricted to Admins | openemr | openemr | - | - | 2026-02-25 18:25:06 |
| CVE-2026-25164 | OpenEMR's Document and Insurance REST Endpoints Skip ACL | openemr | openemr | High | 8.1 | 2026-02-25 18:22:41 |
| CVE-2026-24908 | OpenEMR has SQL Injection in Patient API Sort Parameter | openemr | openemr | Critical | 9.9 | 2026-02-25 18:14:04 |
| CVE-2026-24890 | OpenEMR Portal Users Can Forge Provider Signatures | openemr | openemr | High | 8.1 | 2026-02-25 18:10:23 |
| CVE-2026-24487 | OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource | openemr | openemr | - | - | 2026-02-25 17:45:25 |
| CVE-2026-23627 | OpenEMR has SQL Injection in Immunization Search/Report | openemr | openemr | - | - | 2026-02-25 17:39:21 |
| CVE-2026-25135 | OpenEMR's location resource for Group.$export operation returns entire patient/user population contact information | openemr | openemr | Medium | 4.5 | 2026-02-25 02:02:14 |