Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (145 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2011-5161 1 Open-emr 1 Openemr 2025-04-11 N/A
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under documents/.
CVE-2022-4733 1 Open-emr 1 Openemr 2025-04-10 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
CVE-2024-22611 1 Open-emr 1 Openemr 2025-04-08 9.8 Critical
OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php.
CVE-2023-22972 1 Open-emr 1 Openemr 2025-03-12 5.4 Medium
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
CVE-2023-22973 1 Open-emr 1 Openemr 2025-03-12 8.8 High
A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter.
CVE-2023-22974 1 Open-emr 1 Openemr 2025-03-12 7.5 High
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.
CVE-2023-2566 1 Open-emr 1 Openemr 2025-01-29 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2674 1 Open-emr 1 Openemr 2025-01-24 4.3 Medium
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2946 1 Open-emr 1 Openemr 2025-01-14 8.1 High
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2947 1 Open-emr 1 Openemr 2025-01-14 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2942 1 Open-emr 1 Openemr 2025-01-14 8.1 High
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2943 1 Open-emr 1 Openemr 2025-01-14 8.8 High
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2944 1 Open-emr 1 Openemr 2025-01-14 5.4 Medium
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2945 1 Open-emr 1 Openemr 2025-01-14 5.4 Medium
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2948 1 Open-emr 1 Openemr 2025-01-14 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2949 1 Open-emr 1 Openemr 2025-01-14 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-2950 1 Open-emr 1 Openemr 2025-01-14 8.1 High
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2022-2824 1 Open-emr 1 Openemr 2024-11-21 8.8 High
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2734 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2733 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.