Openemr
by Openemr
Source repositories
CVEs (217)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32118 | | | 0.00 | — | 0.00 | | Mar 11, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map ("clickmap") form allows any authenticated clinician to inject arbitrary JavaScript that… |
| CVE-2026-24898 | | | 0.00 | — | 0.01 | | Mar 3, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens,… |
| CVE-2026-25146 | | | 0.00 | — | 0.00 | | Mar 3, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could… |
| CVE-2026-24848 | | | 0.00 | — | 0.07 | | Mar 3, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated users to write arbitrary content to arbitrary locations on the server… |
| CVE-2026-25147 | | | 0.00 | — | 0.00 | | Feb 27, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, in `portal/portal_payment.php`, the patient id used for the page is taken from the request (`$pid = $_REQUEST['pid'] ?? $pid` and `$pid =… |
| CVE-2026-24488 | | | 0.00 | — | 0.00 | | Feb 27, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, an arbitrary file exfiltration vulnerability in the fax sending endpoint allows any authenticated user to read and transmit any file on… |
| CVE-2026-27943 | | | 0.00 | — | 0.00 | | Feb 26, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam (eye_mag) view loads data by `form_id` (or equivalent) without verifying that the form belongs to the current user’s… |
| CVE-2026-25930 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visitid` (or `patientid`) from the request and does not verify that the form belongs… |
| CVE-2026-25929 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s `patient_picture` context serves the patient’s photo by document ID or patient ID without verifying that the current… |
| CVE-2026-25927 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the document belongs to the… |
| CVE-2026-25746 | | | 0.00 | — | 0.03 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient… |
| CVE-2026-25743 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the forms are displayed on the… |
| CVE-2026-25476 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request. When `skip_timeout_reset=1`… |
| CVE-2026-25220 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all internal messages (all users’… |
| CVE-2026-25164 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_check()` for the document and… |
| CVE-2026-24908 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through… |
| CVE-2026-24890 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider… |
| CVE-2026-24487 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all… |
| CVE-2026-23627 | | | 0.00 | — | 0.01 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database… |
| CVE-2026-25135 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to… |
Page 6 of 11