Vulnerabilities in OpenEMR

121 results
CVE | Severity | Title | EPSS
CVE-2026-32122 | MEDIUM | OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2) | 0.2%
CVE-2026-33911 | MEDIUM | OpenEMR vulnerable to reflected XSS in graphs.php via title parameter | 0.2%
CVE-2026-33915 | MEDIUM | OpenEMR Missing ACL Checks on Insurance Company API Routes | 0.2%
CVE-2026-25147 | HIGH | OpenEMR's Portal Payment Endpoint Trusts User-Controlled pid | 0.2%
CVE-2026-33912 | MEDIUM | OpenEMR has reflected XSS in ajax_download.php via reportID parameter | 0.2%
CVE-2026-25135 | MEDIUM | OpenEMR's location resource for Group.$export operation returns entire patient/user population contact information | 0.2%
CVE-2026-25744 | MEDIUM | OpenEMR: POST /api/.../vital Accepts Attacker-Supplied id and Overwrites Arbitrary Vitals | 0.2%
CVE-2026-34051 | MEDIUM | OpenEMR has Improper ACL On Import/Export Popup | 0.2%
CVE-2026-33305 | MEDIUM | OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor | 0.2%
CVE-2026-46518 | HIGH | OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics | 0.2%
CVE-2026-25927 | HIGH | OpenEMR Missing Authorization Checks in DICOM Viewer State API | 0.2%
CVE-2026-32121 | HIGH | OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal | 0.2%
CVE-2026-33932 | HIGH | OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes | 0.2%
CVE-2026-24847 | MEDIUM | OpenEMR has Open Redirect in Eye Exam Form | 0.2%
CVE-2026-33299 | HIGH | OpenEMR has Stored XSS in patient encounter Eye Exam form answers | 0.2%
CVE-2026-25743 | HIGH | OpenEMR has Stored XSS in Questionnaire answers | 0.2%
CVE-2026-32124 | MEDIUM | OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS) | 0.2%
CVE-2026-32125 | MEDIUM | OpenEMR: Stored XSS in Track Anything Graphs via Unescaped Dygraph Titles/Labels | 0.2%
CVE-2025-68277 | HIGH | OpenEMR allows links sent via Secure Messaging to be opened in OpenEMR and Portal | 0.2%
CVE-2026-32119 | MEDIUM | OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page | 0.2%