Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-34056 OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low... | 7.7 | HIGH | — | 0 |
| CVE-2026-34055 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perfor... | 8.1 | HIGH | — | 0 |
| CVE-2026-34053 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/... | 7.1 | HIGH | — | 0 |
| CVE-2026-34051 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality, a... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33934 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33933 OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting (XSS... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33932 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document prev... | 7.6 | HIGH | — | 0 |
| CVE-2026-33931 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the patie... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33918 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.... | 7.6 | HIGH | — | 0 |
| CVE-2026-33917 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS form tha... | 8.8 | HIGH | — | 0 |
| CVE-2026-33915 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the `RestConfig::r... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33914 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability ... | 7.2 | HIGH | — | 0 |
| CVE-2026-30892 crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and... | 0.0 | NONE | — | 0 |
| CVE-2026-4825 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-33913 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module can ... | 7.7 | HIGH | — | 0 |
| CVE-2026-33912 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that, when sub... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33911 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33910 OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selec... | 7.2 | HIGH | — | 0 |
| CVE-2026-33909 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are co... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-33348 OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The ... | 8.7 | HIGH | — | 0 |
| CVE-2026-32120 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the fee s... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-29187 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search func... | 8.1 | HIGH | — | 0 |
| CVE-2025-2535 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-4824 A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulati... | 7.0 | HIGH | — | 0 |
| CVE-2026-4823 A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to info... | 2.5 | LOW | — | 0 |
| CVE-2025-36187 IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileg... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-14684 IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when writ... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-4822 A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a ... | 7.0 | HIGH | — | 0 |
| CVE-2026-33249 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client which uses message t... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-33248 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map` to deri... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-33223 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to be a g... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-33222 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could ... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-30976 Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. Th... | 8.6 | HIGH | — | 0 |
| CVE-2026-30975 Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Re... | 8.1 | HIGH | — | 0 |
| CVE-2026-2485 IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI t... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-2484 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2483 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1561 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1262 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1015 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1014 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64648 IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-64647 IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | 5.9 | MEDIUM | — | 0 |
| CVE-2025-64646 IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-36440 IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-36438 IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-36422 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and un... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-36258 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user. | 7.1 | HIGH | — | 0 |
| CVE-2025-14974 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR). | 5.7 | MEDIUM | — | 0 |
| CVE-2025-14917 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | 6.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.