7.1
CVE-2026-25927 - OpenEMR Missing Authorization Checks in DICOM Viewer State API
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a document ID (`doc_id`) without verifying that the document belongs to the current user's authorized…
8.8
CVE-2026-25746 - OpenEMR has SQL Injection Vulnerability
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in t…
7.2
CVE-2026-25743 - OpenEMR has Stored XSS in Questionnaire answers
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("forms") in patient encounters. The answers to the forms are displayed on the encounter page and in th…
4.9
CVE-2026-3221 - Devolutions Server Database Stores Unencrypted User Account Information
Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user information via direct database access.
7.5
CVE-2026-25476 - OpenEMR has Session Timeout Bypass via skip_timeout_reset
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `skip_timeout_reset` is not present in the request. When `skip_timeout_reset=1` is sent, the entire …
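The pattern the advisory describes, gating the whole expiry block on a client-controlled flag, is shown below next to the shape a practitioner would want instead: expiry is enforced on every request, and the flag only decides whether the request refreshes the idle timer. This is an added illustration, not OpenEMR's code; the parameter name `skip_timeout_reset` is taken from the advisory, while `$session`, `$request`, `IDLE_TIMEOUT` and the timestamps are hypothetical.

```php
<?php
// Added illustration (not OpenEMR code): a request parameter must never gate
// the idle-timeout *check*, only the refresh of the last-activity timestamp.
// IDLE_TIMEOUT and the session/request arrays are assumptions for this example.

const IDLE_TIMEOUT = 900; // 15 minutes (assumed value)

// Vulnerable shape: the entire expiry block is skipped whenever the client
// sends skip_timeout_reset=1, so an idle session can be kept alive forever
// just by appending that parameter to every request.
function vulnerableSessionCheck(array &$session, array $request, int $now): bool
{
    if (empty($request['skip_timeout_reset'])) {
        if (isset($session['last_activity']) && $now - $session['last_activity'] > IDLE_TIMEOUT) {
            $session = [];      // expire the session
            return false;
        }
        $session['last_activity'] = $now;
    }
    return true;
}

// Hardened shape: the expiry decision is unconditional. The flag only controls
// whether this request counts as user activity, which is the legitimate use
// (background polling that should not keep a session alive).
function hardenedSessionCheck(array &$session, array $request, int $now): bool
{
    if (!isset($session['last_activity'])) {
        $session['last_activity'] = $now;   // first request of the session
        return true;
    }
    if ($now - $session['last_activity'] > IDLE_TIMEOUT) {
        $session = [];                      // expire regardless of any flag
        return false;
    }
    if (empty($request['skip_timeout_reset'])) {
        $session['last_activity'] = $now;   // ordinary request: refresh the timer
    }
    return true;
}

// Constructed scenario: the session was last active at t=0 and a request
// carrying skip_timeout_reset=1 arrives one hour later.
$request = ['skip_timeout_reset' => '1'];

$s1 = ['user' => 'alice', 'last_activity' => 0];
$vulnerableOutcome = vulnerableSessionCheck($s1, $request, 3600) ? 'still logged in' : 'expired';

$s2 = ['user' => 'alice', 'last_activity' => 0];
$hardenedOutcome = hardenedSessionCheck($s2, $request, 3600) ? 'still logged in' : 'expired';

echo "vulnerable check after 1h idle with the flag: {$vulnerableOutcome}", PHP_EOL;
echo "hardened check after 1h idle with the flag:   {$hardenedOutcome}", PHP_EOL;
```

Run with `php session_check.php` (any PHP 7.4+ CLI). The hardened variant also refuses to treat a missing `last_activity` as "no timeout applies"; it stamps the session instead.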
5.7
CVE-2026-25220 - OpenEMR Messages "Show All" Not Restricted to Admins
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes it to `getPnotesByUser()`, which returns all internal messages (all users' notes). The backend does…
8.1
CVE-2026-25164 - OpenEMR's Document and Insurance REST Endpoints Skip ACL
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php` does not call `RestConfig::request_authorization_check()` for the document and insurance routes. O…
10
CVE-2026-24908 - OpenEMR has SQL Injection in Patient API Sort Parameter
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the `_sort` parameter. …
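A sort field cannot be bound as a prepared-statement parameter, which is why `ORDER BY` built from user input is a recurring injection point (the `_sort` issue here, and the same class of defect as the prescription SQL injection above). The remedy is an allowlist that maps client tokens onto fixed column expressions. The code below is an added example, not OpenEMR's code: the table, column names and the `field,-field` sort grammar are assumptions.

```php
<?php
// Added illustration (not OpenEMR code): translating a client-supplied
// `_sort` parameter into an ORDER BY clause without ever splicing the client
// string into SQL. Table/column names and the "-field means DESC" grammar
// are assumptions for this example.

// Allowlist: client token => trusted column expression.
const SORTABLE_COLUMNS = [
    'lname' => 'p.lname',
    'fname' => 'p.fname',
    'dob'   => 'p.DOB',
    'pid'   => 'p.pid',
];

/**
 * "_sort=lname,-dob"  ->  "ORDER BY p.lname ASC, p.DOB DESC"
 * Any token outside the allowlist is rejected, so nothing the client sends
 * can reach the query text; only constants from SORTABLE_COLUMNS do.
 */
function buildOrderBy(?string $sortParam): string
{
    if ($sortParam === null || trim($sortParam) === '') {
        return 'ORDER BY p.pid ASC';
    }
    $parts = [];
    foreach (explode(',', $sortParam) as $token) {
        $token = trim($token);
        $direction = 'ASC';
        if ($token !== '' && $token[0] === '-') {
            $direction = 'DESC';
            $token = substr($token, 1);
        }
        if (!array_key_exists($token, SORTABLE_COLUMNS)) {
            throw new InvalidArgumentException('unsupported sort field: ' . $token);
        }
        $parts[] = SORTABLE_COLUMNS[$token] . ' ' . $direction;
    }
    return 'ORDER BY ' . implode(', ', $parts);
}

// Vulnerable shape, for contrast: the raw parameter becomes part of the SQL.
function vulnerableQuery(string $sortParam): string
{
    return 'SELECT p.pid, p.lname FROM patient_data p ORDER BY ' . $sortParam;
}

// Hardened shape: filters use bound parameters (:lname), and ORDER BY comes
// only from buildOrderBy(), whose output is assembled from constants.
function hardenedQuery(?string $sortParam): string
{
    return 'SELECT p.pid, p.lname FROM patient_data p WHERE p.lname LIKE :lname '
        . buildOrderBy($sortParam);
}

// Constructed inputs: a legitimate multi-column sort and a malicious token.
$benign    = 'lname,-dob';
$malicious = 'lname, (SELECT 1)';

echo hardenedQuery($benign), PHP_EOL;

try {
    hardenedQuery($malicious);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// The vulnerable builder happily emits the same malicious token as SQL.
echo vulnerableQuery($malicious), PHP_EOL;
```

The same allowlist approach applies to any other identifier position (column lists, table names, `LIMIT` values) that cannot be parameterised.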
8.1
CVE-2026-24890 - OpenEMR Portal Users Can Forge Provider Signatures
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature endpoint allows authenticated portal users to upload and overwrite provider signatures by setting `t…
5.7
CVE-2026-24487 - OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of being …
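Several of the OpenEMR entries above (the DICOM `doc_id` check, the `show_all=yes` message listing, the document/insurance routes that skip the ACL call, and the CareTeam compartment bypass) are one defect seen from different endpoints: the server accepts a client-supplied identifier or flag as proof of authorization instead of deciding for itself. The example below is added here and is not OpenEMR's code; it builds a small in-memory SQLite fixture (constructed tables `documents` and `care_team`, a hypothetical `Principal` type) to show an object-level ownership check and a compartment filter that a patient-scoped token cannot escape, with "show all" treated as a server-checked privilege rather than a query-string assertion.

```php
<?php
// Added illustration (not OpenEMR code). The tables, column names, Principal
// shape and the in-memory SQLite fixture are all constructed for this example.

final class Principal
{
    public string $subject;
    public ?int $patientCompartment;   // non-null for patient-scoped (portal/FHIR) tokens
    public bool $isAdmin;

    public function __construct(string $subject, ?int $patientCompartment, bool $isAdmin = false)
    {
        $this->subject = $subject;
        $this->patientCompartment = $patientCompartment;
        $this->isAdmin = $isAdmin;
    }
}

function fixtureDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, pid INTEGER, name TEXT)');
    $db->exec('CREATE TABLE care_team (id INTEGER PRIMARY KEY, pid INTEGER, member TEXT)');
    $db->exec("INSERT INTO documents VALUES (1, 100, 'ct-head.dcm'), (2, 200, 'mri.dcm')");
    $db->exec("INSERT INTO care_team VALUES (1, 100, 'dr-a'), (2, 200, 'dr-b')");
    return $db;
}

// Vulnerable: the client's doc_id is treated as proof it may see the document.
function loadDocumentVulnerable(PDO $db, int $docId): ?array
{
    $st = $db->prepare('SELECT id, pid, name FROM documents WHERE id = ?');
    $st->execute([$docId]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened: resolve the object, then verify it lies inside the caller's
// compartment. Same query; the authorization decision is made server-side.
function loadDocument(PDO $db, Principal $who, int $docId): ?array
{
    $doc = loadDocumentVulnerable($db, $docId);
    if ($doc === null || $who->isAdmin) {
        return $doc;
    }
    if ($who->patientCompartment !== null && (int)$doc['pid'] !== $who->patientCompartment) {
        return null;   // deny, indistinguishable from "not found"
    }
    return $doc;
}

// List endpoint with three tiers of visibility, none of which the client can
// choose for itself.
function listCareTeam(PDO $db, Principal $who, bool $showAllRequested): array
{
    // 1. Patient-scoped tokens are always confined to their compartment;
    //    a show_all flag is simply ignored for them.
    if ($who->patientCompartment !== null) {
        $st = $db->prepare('SELECT id, pid, member FROM care_team WHERE pid = ?');
        $st->execute([$who->patientCompartment]);
        return $st->fetchAll(PDO::FETCH_ASSOC);
    }
    // 2. "Show all" is a privilege: the role is checked, the query string is not trusted.
    if ($showAllRequested) {
        if (!$who->isAdmin) {
            throw new RuntimeException('show_all requires an administrator');
        }
        return $db->query('SELECT id, pid, member FROM care_team')->fetchAll(PDO::FETCH_ASSOC);
    }
    // 3. Default staff view: only rows the caller is a member of.
    $st = $db->prepare('SELECT id, pid, member FROM care_team WHERE member = ?');
    $st->execute([$who->subject]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed scenario: a token scoped to patient 100 asks for patient 200's document
// and for "all" care teams; a non-admin staff user asks for show_all.
$db = fixtureDb();
$patientToken = new Principal('portal-user-100', 100);
$staff = new Principal('dr-a', null);

$leak   = loadDocumentVulnerable($db, 2);
$denied = loadDocument($db, $patientToken, 2);
$own    = loadDocument($db, $patientToken, 1);

echo 'vulnerable lookup of doc 2: ', $leak ? 'returned ' . $leak['name'] : 'none', PHP_EOL;
echo 'hardened lookup of doc 2:   ', $denied ? 'returned' : 'denied', PHP_EOL;
echo 'hardened lookup of doc 1:   ', $own ? 'returned ' . $own['name'] : 'denied', PHP_EOL;
echo 'care team rows for patient token with show_all: ',
    count(listCareTeam($db, $patientToken, true)), PHP_EOL;
try {
    listCareTeam($db, $staff, true);
} catch (RuntimeException $e) {
    echo 'staff show_all: ', $e->getMessage(), PHP_EOL;
}
```

Requires the `pdo_sqlite` extension (bundled with most PHP builds). The important property is that every branch that widens visibility is selected by the principal's attributes, which the server issued, and never by a value that arrived in the request.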