9.1

CVSS4.0

CVE-2026-4428 - CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or AWS-LC-FIPS-…

📅 Published: March 19, 2026, 8:37 p.m. 🔄 Last Modified: March 20, 2026, 1:39 p.m.

10

CVSS3.1

CVE-2026-30836 - Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0.

📅 Published: March 19, 2026, 8:37 p.m. 🔄 Last Modified: March 20, 2026, 1:39 p.m.

8.7

CVSS3.1

CVE-2026-33346 - OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting (XSS) vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o…

📅 Published: March 19, 2026, 8:33 p.m. 🔄 Last Modified: March 20, 2026, 7:16 p.m.

5.4

CVSS3.1

CVE-2026-33305 - OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) allows any authenticated OpenEMR user to invoke controller methods — including `getNotificationLog()`…

📅 Published: March 19, 2026, 8:30 p.m. 🔄 Last Modified: March 21, 2026, 3:31 a.m.

6.9

CVSS4.0

CVE-2026-3849 - Buffer Overflow in HPKE via Oversized ECH Config

Stack Buffer Overflow in wc_HpkeLabeledExtract via Oversized ECH Config. A vulnerability existed in wolfSSL 5.8.4 ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to potential remote execution and client pro…

📅 Published: March 19, 2026, 8:29 p.m. 🔄 Last Modified: March 20, 2026, 8:56 a.m.

4.1

CVSS3.1

CVE-2026-27166 - Discourse vulnerable to HTML injection via prohibited iframe URLs

Discourse is an open source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions 2026.3.0-l…

📅 Published: March 19, 2026, 8:29 p.m. 🔄 Last Modified: March 25, 2026, 1:06 a.m.

6.5

CVSS3.1

CVE-2026-33304 - OpenEMR has Authorization Bypass in Dated Reminders Log

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient name…

📅 Published: March 19, 2026, 8:27 p.m. 🔄 Last Modified: March 20, 2026, 7:27 p.m.

5.4

CVSS3.1

CVE-2026-33303 - OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped `portal_login_username` in the portal credential print view. A patient portal user can set their login…

📅 Published: March 19, 2026, 8:25 p.m. 🔄 Last Modified: March 24, 2026, 7:46 p.m.

7.3

CVSS4.0

CVE-2026-33302 - OpenEMR: zhAclCheck Ignores Explicit ACL Denies

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence of any "allow" (user or group). It never checks for explicit "deny" (allowed=0). As a result, admin…

📅 Published: March 19, 2026, 8:23 p.m. 🔄 Last Modified: March 20, 2026, 8:20 p.m.

7.1

CVSS3.1

CVE-2026-27953 - ormar has a Pydantic Validation Bypass via Kwargs Injection in Model Constructor

ormar is an async mini ORM for Python. Versions 0.23.0 and below are vulnerable to Pydantic validation bypass through the model constructor, allowing any unauthenticated user to skip all field validation by injecting "__pk_only__": true into a JSON request body. By injecting "__pk_only__": true into…

📅 Published: March 19, 2026, 8:23 p.m. 🔄 Last Modified: March 20, 2026, 7:16 p.m.