Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40076 |
|
Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40076)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40076). Successful exploitation can lead to full system takeover. Exploitable via `POST /openmrs/ws/rest/v1/module`.
|
| CVE-2026-40075 |
|
Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2025-25925 |
|
Cross-Site Scripting (XSS) in openmrs (CVE-2025-25925)
cross-site scripting in openmrs (CVE-2025-25925). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12796 |
|
Unsafe Deserialization in openmrs (CVE-2017-12796)
vulnerability in openmrs (CVE-2017-12796). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7990 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-7990)
vulnerability in csrf (CVE-2017-7990). Successful exploitation can lead to full system takeover.
|