Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / open-emr

open-emr

217 tracked vulnerabilities.

CVE-2026-34056 HIGH

OpenEMR has a Privilege Escalation that Allows a Low-Level User to View Admin-Only Data

CVE-2026-34055 HIGH

OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification

CVE-2026-34053 HIGH

OpenEMR Missing Authorization in Procedure Order AJAX Deletion Handler

CVE-2026-34051 MEDIUM

OpenEMR has Improper ACL On Import/Export Popup

CVE-2026-33934 MEDIUM

OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures

CVE-2026-33933 MEDIUM

Reflected XSS via Unescaped contextName Parameter in Custom Template Editor

CVE-2026-33932 HIGH

OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes

CVE-2026-33931 MEDIUM

OpenEMR has IDOR in Portal Payment Page that Allows Cross-Patient Record Access

CVE-2026-33918 HIGH

OpenEMR Missing Authorization on Claim File Download Endpoint

CVE-2026-33917 HIGH

OpenEMR has SQL Injection in CAMOS Form

CVE-2026-33915 MEDIUM

OpenEMR Missing ACL Checks on Insurance Company API Routes

CVE-2026-33914 HIGH

OpenEMR has SQL Injection in PostCalendar Category Delete

CVE-2026-33913 HIGH

OpenEMR: XInclude Injection in CCDA Import Allows Reading Arbitrary Server Files

CVE-2026-33912 MEDIUM

OpenEMR has reflected XSS in ajax_download.php via reportID parameter

CVE-2026-33911 MEDIUM

OpenEMR vulnerable to reflected XSS in graphs.php via title parameter

CVE-2026-33910 HIGH

OpenEMR has a SQL Injection Vulnerability in patient selection

CVE-2026-33909 MEDIUM

OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing

CVE-2026-33348 HIGH

OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3

CVE-2026-32120 MEDIUM

OpenEMR has IDOR in Fee Sheet Product Save

CVE-2026-29187 HIGH

OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php

CVE-2026-33346 HIGH

OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

CVE-2026-33321 HIGH

OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF)

CVE-2026-33305 MEDIUM

OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor

CVE-2026-33304 MEDIUM

OpenEMR has Authorization Bypass in Dated Reminders Log

CVE-2026-33303 MEDIUM

OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

Page 1 of 9 Next

Products

openemr 217 OpenEMR 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy