Security researchers have discovered 38 vulnerabilities in OpenEMR, an open-source medical records platform used by over 100,000 healthcare providers worldwide to manage data for more than 200 million patients. The flaws, which have now been patched, included critical SQL injection bugs that could have allowed authenticated attackers to steal patient information, compromise databases, and execute malicious code on servers, though there's no evidence of real-world exploitation. Most vulnerabilities stemmed from authorization issues, with additional problems including cross-site scripting and path traversal flaws.