21 matches found
ROOT-APP-MAVEN-CVE-2026-34359 CVE-2026-34359 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root
Root has patched CVE-2026-34359 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...
CVE-2026-34359
CVE-2026-34359 has concrete details in the connected GHSA advisory: HAPI FHIR Core is vulnerable to credential leakage via improper URL prefix matching on HTTP redirects. The root cause is a startsWith-based check in ManagedWebAccessUtils.getServer() (no host boundary validation), which can cause...
health.matchbox:matchbox-engine (>=4.0.19 <=4.1.0), org.hl7.fhir.publisher:org.hl7.fhir.publisher (>=2.1.0 <=2.2.3) +2 more potentially affected by CVE-2026-34359 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.validation (>=6.8.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.validation MAVEN version =6.8.0, =4.0.19, =2.1.0, =2.1.0, =2.1.0, =2.2.3 Source cves: CVE-2026-34359, CVE-2026-34361 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855464...
ca.uhn.hapi.fhir:org.hl7.fhir.convertors (>=6.8.0 <=6.9.3), ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (>=6.8.0 <=6.9.3) +12 more potentially affected by CVE-2026-34359 +1 more via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.8.0 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =6.8.0, =4.0.19, =4.14.6, =2.1.0, =2.1.0, =2.1.0, =2.2.3 Source cves: CVE-2026-34359, CVE-2026-34361 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855298...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials through an exposed /loadIG endpoint in ca.uhn.hapi.fhir:org.hl7.fhir.validation. An attacker can obtain authentication credentials for external FHIR servers by submitting a crafted URL that exploits...
au.csiro.pathling:encoders (>=5.1.0 <=9.5.0), au.csiro.pathling:fhir-server (>=5.3.1 <=7.2.0) +353 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=0.0.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =0.0.1, =5.1.0, =5.3.1, =6.2.1, =5.3.1, =5.3.1, =5.3.0, =0.0.9, =5.6.5, =5.6.5, =5.6.5, =3.4.0, =5.6.5, =4.1.0, =4.0.3, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: OSV:GHSA-FGV2-4Q4G-WC35...
io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)
ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted: - io.connectedhealth-idaas:idaas-eventbuilder =2.3.0 Source cves: CVE-2026-34359 Source...
au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +166 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)
ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...
CVE-2026-34359
creationtimestamp| type| source
---|---|---
2026-03-27 13:32:19+00:00| published-proof-of-concept| https://github.com/hapifhir/org.hl7.fhir.core/security/advisories/GHSA-fgv2-4q4g-wc35
2026-03-31 19:20:27+00:00| published-proof-of-concept| Telegram/pGlKXNBirRT0gxqFC1bVLs6pojbUfu72MTdyyvCxHD2SpM...
EUVD-2024-44465
Malicious code in bioql PyPI...
CVE-2024-34359
llama-cpp-python is the Python bindings for llama.cpp. llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The __init__ constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUM...
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If...
CVE-2024-34359
creationtimestamp| type| source
---|---|---
2024-05-17 08:03:06+00:00| published-proof-of-concept| https://t.me/HackingInsights/582
2024-05-17 15:53:40+00:00| seen| https://t.me/informationsecuritychannel/52213
2024-05-21 13:16:03+00:00| seen| https://t.me/KomunitiSiber/1975
2024-05-21...
akasha-terminal (>=0.8.0 <=0.8.23), coconut-ai (>=0.2.0 <=1.0.0) +7 more potentially affected by CVE-2024-34359 via llama-cpp-python (>=0.2.32 <=0.2.67)
llama-cpp-python PYPI version =0.2.32, =0.8.0, =0.2.0, =0.1.5, =0.0.1, =0.2.2, =0.0.7, =1.8.1.dev11, =0.0.20, =0.0.26 Source cves: CVE-2024-34359 Source advisory: OSV:GHSA-56XG-WFCC-G829...
CVE-2023-34359
creationtimestamp| type| source
---|---|---
2023-07-31 12:42:32+00:00| seen| https://t.me/cibsecurity/67438...
CVE-2023-34359
ASUS RT-AX88U exposes a DoS vulnerability in httpd caused by a buffer/ej.c do_json_decode() mismanagement. Remote attackers can trigger via specially crafted requests to crash the httpd binary, yielding unauthenticated denial of service. Public sources in the CVE describe the issue as an unauthen...
CVE-2021-34359
creationtimestamp| type| source
---|---|---
2022-02-25 12:20:28+00:00| seen| https://t.me/cibsecurity/38075...
CVE-2021-34359
The CVE-2021-34359 issue is a cross-site scripting (XSS) vulnerability in QNAP QTS Proxy Server. Affected product: Proxy Server on QTS 4.5.x. Root cause: insufficient handling of user-supplied data allowing injection of HTML/Script. Impact: remote attacker could inject malicious code when a user ...
CVE-2021-34359 Stored XSS Vulnerability in Proxy Server
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...
[SECURITY] [DLA 1953-1] clamav security update
Package : clamav
Version : 0.101.4+dfsg-0+deb8u1
CVE ID : CVE-2019-12625 CVE-2019-12900
Debian Bug : 34359

It was discovered that clamav, the open source antivirus engine, is affected by the following security vulnerabilities:

CVE-2019-12625 Denial of Service (DoS) vulnerability, resulting from...