open-emr

Top products

The 15 most recently published vulnerabilities affecting open-emr.

• CVE-2026-46518OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics7.7Jun 9, 2026
• CVE-2023-54347OpenEMR 7.0.1 Authentication Brute Force Mitigation Bypass7.5May 5, 2026
• CVE-2026-34056OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data7.7Mar 25, 2026
• CVE-2026-34055OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification8.1Mar 25, 2026
• CVE-2026-34053OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler7.1Mar 25, 2026
• CVE-2026-34051OpenEMR has Improper ACL On Import/Export Popup5.4Mar 25, 2026
• CVE-2026-33934OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures4.3Mar 25, 2026
• CVE-2026-33933Reflected XSS via Unescaped contextName Parameter in Custom Template Editor6.1Mar 25, 2026
• CVE-2026-33932OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes7.6Mar 25, 2026
• CVE-2026-33931OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access6.5Mar 25, 2026
• CVE-2026-33918OpenEMR Missing Authorization on Claim File Download Endpoint7.6Mar 25, 2026
• CVE-2026-33917OpenEMR has SQL Injection in CAMOS Form8.8Mar 25, 2026
• CVE-2026-33915OpenEMR Missing ACL Checks on Insurance Company API Routes5.4Mar 25, 2026
• CVE-2026-33914OpenEMR has SQL Injection in PostCalendar Category Delete7.2Mar 25, 2026
• CVE-2026-33913OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files7.7Mar 25, 2026