8.1
CVE-2026-24890 - OpenEMR Portal Users Can Forge Provider Signatures
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `tβ¦
5.7
CVE-2026-24487 - OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of being β¦
7.4
CVE-2026-23627 - OpenEMR has SQL Injection in Immunization Search/Report
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI exfβ¦
4.1
CVE-2026-27795 - LangChain Community: redirect chaining can lead to SSRF bypass via RecursiveUrlLoader
LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/community`. The loader validates the initial URL but allows the underlying fetch to follow redirects automβ¦
2
CVE-2026-3194 - Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication
A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes missing authentication. The attack can only be executed locally. The attack's complexity is rated as β¦
9.3
CVE-2026-21902 - Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to eβ¦
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachβ¦
7.5
CVE-2026-27850 - Improper verification in Linksys MR9600, Linksys MX4200
Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the local network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200.
8.3
CVE-2026-25554 - OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass
OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c when db_mode is enabled and a SQL database backend is used. The function extracts the tag claim from aβ¦
6.6
CVE-2026-27794 - LangGraph: BaseCache Deserialization of Untrusted Data may lead to Remote Code Execution
LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable cache backends that inherit from `BaseCache` and opt nodes into caching via `CachePolicy`. Prior toβ¦
9.2
CVE-2026-27739 - Angular SSR is vulnerable to SSRF and Header Injection via request handling pipeline
The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angularβs internal URL reconstβ¦