18 matches found

CNNVD
added 2026/03/31 12:00 a.m. · 3 views

HAPI FHIR Security Vulnerability

HAPI FHIR is an open-source Java-based HL7 FHIR API developed by HAPI FHIR. Versions of HAPI FHIR prior to 6.9.4 contained security vulnerabilities; these vulnerabilities were caused by improper URL prefix matching, which could lead to credential exposure...

CVSS 9.1 · AI score 5.8 · EPSS 0.00035
Exploits: 1 · References: 1

vulnersOsv
added 2026/03/30 5:21 p.m. · 6 views

io.connectedhealth-idaas:idaas-eventbuilder (=2.3.0) potentially affected by CVE-2026-34360 via ca.uhn.hapi.fhir:org.hl7.fhir.core (=5.1.7)

ca.uhn.hapi.fhir:org.hl7.fhir.core MAVEN version =5.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on ca.uhn.hapi.fhir:org.hl7.fhir.core and may be impacted: - io.connectedhealth-idaas:idaas-eventbuilder =2.3.0 Source cves: CVE-2026-34360 Source...

CVSS 5.8 · AI score 5.8 · EPSS 0.00065
Exploits: 1

CNNVD
added 2026/01/20 12:00 a.m. · 2 views

MedDream PACS Premium security vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability. This vulnerability stems from a reflective cross-site scripting vulnerability in the modifyHL7Rou...

CVSS 6.1 · AI score 5.9 · EPSS 0.00064
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/20 9:30 p.m. · 5 views

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · AI score 7.4 · EPSS 0.00719
Exploits: 0 · References: 1

NVD
added 2025/08/18 10:15 p.m. · 2 views

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · EPSS 0.00719
Exploits: 0 · References: 1

OSV
added 2025/08/18 10:15 p.m. · 0 views

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · AI score 5.8
Exploits: 0 · References: 1

CVE
added 2025/08/18 9:16 p.m. · 16 views

CVE-2025-53948

CVE-2025-53948 pertains to the Sante PACS Server, where a remote attacker can crash the main thread by sending a crafted HL7 message, resulting in a denial-of-service condition. The vulnerability enables unauthenticated remote impact and requires a manual restart to restore service. Multiple sour...

CVSS 8.7 · AI score 4.8 · EPSS 0.00719
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/08/18 12:00 a.m. · 2 views

PT-2025-33700 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server (affected versions not specified). Description: The Sante PACS Server is susceptible to a denial-of-service condition. A remote attacker can crash the main thread by sending a crafted HL7 message. No authentication is required,...

CVSS 8.7 · AI score 4.5 · EPSS 0.00719
Exploits: 0 · References: 9

RedhatCVE
added 2025/05/23 6:01 a.m. · 2 views

CVE-2023-28465

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

CVSS 8.1 · AI score 7 · EPSS 0.00737
Exploits: 1 · References: 1

CNNVD
added 2025/01/24 12:00 a.m. · 3 views

HL7 FHIR IG Publisher Artifacts Code Issue Vulnerability

HL7 FHIR IG Publisher Artifacts is an open source tool by Health Level Seven International for obtaining a set of inputs. A code issue vulnerability exists in HL7 FHIR IG Publisher Artifacts versions prior to 1.7.4. An attacker can exploit this vulnerability to perform an XML external entity...

CVSS 8.6 · AI score 7 · EPSS 0.00033
Exploits: 0 · References: 3

Positive Technologies
added 2025/01/24 12:00 a.m. · 10 views

PT-2025-2936

Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.7.4. Description: The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...

CVSS 8.6 · AI score 5.9 · EPSS 0.00033
Exploits: 0 · References: 14

CNNVD
added 2025/01/24 12:00 a.m. · 1 view

HL7 FHIR IG Publisher Artifacts Information Disclosure Vulnerability

HL7 FHIR IG Publisher Artifacts is an open source tool used by Health Level Seven International to obtain a set of inputs. An information disclosure vulnerability previously existed in HL7 FHIR IG Publisher Artifacts version 1.8.9, which stemmed from the fact that if the repository had been clone...

CVSS 4.2 · AI score 5.9 · EPSS 0.00059
Exploits: 0 · References: 4

RedHat Linux
added 2024/10/14 3:53 p.m. · 8 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

CVSS 8.6 · AI score 5.7 · EPSS 0.00089
Exploits: 0 · References: 6

CNNVD
added 2024/09/06 12:00 a.m. · 1 view

HL7 FHIR IG Publisher Artifacts Security Vulnerability

HL7 FHIR IG Publisher Artifacts is an open source tool from Health Level Seven International for obtaining a set of inputs. A security vulnerability exists in HL7 FHIR IG Publisher Artifacts versions prior to 6.3.23, which stems from vulnerability to an XML external entity injection attack, where...

CVSS 8.6 · AI score 8.5 · EPSS 0.00089
Exploits: 0 · References: 6

CNNVD
added 2023/12/12 12:00 a.m. · 4 views

Health Level 7 Security Vulnerability

Health Level 7 is a series of global standards for transferring clinical and administrative health data between applications from Health Level 7, Inc. A security vulnerability exists in Health Level 7 versions prior to 5.6.106 that stems from a package decompression feature in the core library th...

CVSS 8.1 · AI score 6.9 · EPSS 0.00737
Exploits: 1 · References: 3

OSV
added 2023/08/09 12:15 p.m. · 3 views

CVE-2023-31448

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths,...

CVSS 4.7 · AI score 5.9
Exploits: 0 · References: 2

OSV
added 2021/01/08 4:15 p.m. · 2 views

CVE-2020-27260

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15: HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected...

CVSS 5.3 · AI score 6.1
Exploits: 0 · References: 1

CNNVD
added 2021/01/07 12:00 a.m. · 2 views

Innokas Medical Innokas Yhtyma Oy Vital Signs Monitor Injection Vulnerability

Innokas Medical Innokas Yhtyma Oy Vital Signs Monitor is a monitor from Innokas Medical that measures blood pressure, body temperature, respiratory rate and pulse rate. Innokas Yhtyma Oy Vital Signs Monitor VC150 to Version 1.7.15 suffers from injection vulnerabilities that allow an attacker to...

CVSS 5.3 · AI score 6.1 · EPSS 0.00109
Exploits: 0 · References: 3