N/A
2026-04-23< 4.3.0
KiviCare – Clinic & Patient Management System (EHR) <= 4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference
KiviCare – Clinic & Patient Management System (EHR)
Minimum safe version
4.3.0
Update to 4.3.0 or later to address 18 fixable vulnerabilities
Latest available4.4.0 ✓
N/A
2026-01-22< 3.6.16
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.15 - Missing Authorization to Unauthenticated Limited Arbitrary File Upload
N/A
2026-03-17< 4.1.3
KiviCare – Clinic & Patient Management System (EHR) <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token
N/A
2026-03-17< 4.1.3
KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard
High 7.1
2026-03-25< 4.0.0
CVE-2026-25383
Medium 6.5
2026-03-25< 4.0.0
CVE-2026-25034
High 8.5
2026-02-03< 4.0.0
CVE-2026-25022
High 8.5
2025-11-27< 3.6.14
KiviCare <= 3.6.13 - Authenticated (Patient+) SQL Injection
Medium 6.5
2025-02-28< 3.6.8
KiviCare – Clinic & Patient Management System (EHR) <= 3.6.7 - Authenticated (Doctor+) SQL Injection via 'u_id' Parameter
High 7.5
2024-12-06< 3.6.5
CVE-2024-11728
Medium 6.5
2024-12-06< 3.6.5
CVE-2024-11730
Medium 6.5
2024-12-06< 3.6.5
CVE-2024-11729
Medium 5.3
2024-06-08< 3.6.7
CVE-2024-35659
Medium 4.3
2023-06-27< 3.2.1
CVE-2023-2627
Medium 6.1
2023-06-27< 3.2.1
CVE-2023-2624
Medium 6.5
2023-06-27< 3.2.1
CVE-2023-2623
High 8.8
2023-06-27< 3.2.1
CVE-2023-2628
Critical 9.8
2022-06-13< 2.3.9
CVE-2022-0786