| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-25131 | OpenEMR has Broken Access Control in Procedures Configuration | openemr | openemr | High | 8.8 | 2026-02-25 01:55:44 | Deep Dive |
| CVE-2026-25127 | OpenEMR has Broken Access Control on Care Coordination Module | openemr | openemr | Medium | - | 2026-02-25 01:53:16 | Deep Dive |
| CVE-2026-25124 | OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export | openemr | openemr | Medium | 6.5 | 2026-02-25 01:50:22 | Deep Dive |
| CVE-2026-24896 | OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs | openemr | openemr | Medium | 6.5 | 2026-02-25 01:48:00 | Deep Dive |
| CVE-2026-24849 | OpenEMR Arbitrary File Read Vulnerability | openemr | openemr | Critical | 9.9 | 2026-02-25 01:44:31 | Deep Dive |
| CVE-2026-24847 | OpenEMR has Open Redirect in Eye Exam Form | openemr | openemr | Medium | 6.1 | 2026-02-25 01:34:35 | Deep Dive |
| CVE-2026-21443 | OpenEMR allows inconsistent escaping of translation function output | openemr | openemr | Medium | - | 2026-02-25 01:23:22 | Deep Dive |
| CVE-2025-69231 | OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation | openemr | openemr | High | 8.7 | 2026-02-25 01:18:15 | Deep Dive |
| CVE-2025-68277 | OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal | openemr | openemr | Medium | - | 2026-02-25 01:13:29 | Deep Dive |
| CVE-2025-67752 | OpenEMR Has Disabled SSL Certificate Verification in HTTP Client | openemr | openemr | High | 8.1 | 2026-02-25 01:09:21 | Deep Dive |
| CVE-2025-67491 | OpenEMR has Stored XSS in ub04 helper | openemr | openemr | Medium | - | 2026-02-25 00:31:11 | Deep Dive |
| CVE-2025-67645 | OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint | openemr | openemr | High | 8.8 | 2026-01-27 23:20:19 | Deep Dive |
| CVE-2025-54373 | OpenEMR may expose Contents of Clinical Notes and Care Plan to users who do not have Sensitivities=high privilege | openemr | openemr | - | - | 2026-01-27 23:11:58 | Deep Dive |
| CVE-2021-47817 | OpenEMR 5.0.2.1 - Remote Code Execution | OpenEMR Foundation, Inc. | OpenEMR | Medium | 5.4 | 2026-01-21 17:27:34 | Deep Dive |
| CVE-2013-10044 | OpenEMR ≤ 4.1.1 SQL Injection Privilege Escalation and RCE | OpenEMR Foundation | OpenEMR | Medium | - | 2025-08-01 20:46:46 | Deep Dive |
| CVE-2025-43860 | OpenEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics | openemr | openemr | High | 7.6 | 2025-05-23 15:35:01 | Deep Dive |
| CVE-2025-32967 | OpenEMR doesn't log password administration properly | openemr | openemr | Medium | 5.4 | 2025-05-23 15:31:53 | Deep Dive |
| CVE-2025-32794 | OpenEMR Stored XSS via Patient Name Field in Procedure Orders | openemr | openemr | High | 7.6 | 2025-05-23 15:15:33 | Deep Dive |
| CVE-2025-31121 | OpenEMR allows XSS in Patient Image feature | openemr | openemr | - | - | 2025-04-01 14:53:03 | Deep Dive |
| CVE-2025-31117 | OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability | openemr | openemr | Medium | - | 2025-03-31 16:49:15 | Deep Dive |