22 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. · 5 views

PT-2026-35981

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

CVSS 6.9 · AI score 5.2 · EPSS 0.00138
Exploits 0 · References 4
EUVD
added 2026/03/02 11:9 a.m. · 5 views

EUVD-2025-208145

SQL injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with imageserver module in versions before 7.9....

CVSS 8.8 · AI score 6 · EPSS 0.00186
Exploits 0 · References 2
OSV
added 2026/01/20 3:17 p.m. · 5 views

CVE-2025-57786

A reflected cross-site scripting (XSS) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 5.4 · AI score 5.9 · EPSS 0.00235
Exploits 1 · References 2
CNNVD
added 2026/01/20 12:0 a.m. · 8 views

MedDream PACS Premium security vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability, which stems from a reflection-type cross-site scripting vulnerability in the encapsulatedDoc...

CVSS 6.1 · AI score 5.9 · EPSS 0.00286
Exploits 1 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-25587

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.6 · EPSS 0.00313
Exploits 0 · References 1
RedhatCVE
added 2025/08/23 8:13 p.m. · 6 views

CVE-2025-27721

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...

CVSS 8.7 · AI score 7.1 · EPSS 0.00313
Exploits 0 · References 1
Cvelist
added 2025/08/21 7:44 p.m. · 9 views

CVE-2025-24489 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type

An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise...

CVSS 6.3 · EPSS 0.00255
Exploits 0 · References 1
Cvelist
added 2025/08/21 7:42 p.m. · 10 views

CVE-2025-27714 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type

An attacker could exploit this vulnerability by uploading arbitrary files via a specific endpoint, leading to unauthorized remote code execution or system compromise...

CVSS 6.3 · EPSS 0.00306
Exploits 0 · References 1
Cvelist
added 2025/08/21 7:33 p.m. · 8 views

CVE-2025-27721 INFINITT Healthcare INFINITT PACS Exposure of Sensitive System Information to an Unauthorized Control Sphere

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...

CVSS 8.7 · EPSS 0.00313
Exploits 0 · References 1
Vulnrichment
added 2025/08/21 7:33 p.m. · 6 views

CVE-2025-27721 INFINITT Healthcare INFINITT PACS Exposure of Sensitive System Information to an Unauthorized Control Sphere

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...

CVSS 8.7 · AI score 7 · EPSS 0.00313
Exploits 0 · References 1
Positive Technologies
added 2025/08/21 12:0 a.m. · 5 views

PT-2025-34277 · Infinitt · Infinitt Pacs System Manager

Name of the Vulnerable Software and Affected Versions: INFINITT PACS System Manager (affected versions not specified)
Description: The INFINITT PACS System Manager allows unauthorized users to gain access without proper authorization, potentially leading to unauthorized access to system resources...

CVSS 8.7 · AI score 7.1 · EPSS 0.00313
Exploits 0 · References 4
NVD
added 2025/08/18 10:15 p.m. · 9 views

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · EPSS 0.00703
Exploits 0 · References 1
Cvelist
added 2025/08/18 9:26 p.m. · 7 views

CVE-2025-54759 Santesoft Sante PACS Server Cross-site Scripting

Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code, redirecting a user to a malicious webpage and stealing the user's cookie...

CVSS 6.1 · EPSS 0.00181
Exploits 0 · References 1
Cvelist
added 2025/08/18 9:16 p.m. · 6 views

CVE-2025-53948 Santesoft Sante PACS Server Double Free

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · EPSS 0.00703
Exploits 0 · References 1
Positive Technologies
added 2025/08/18 12:0 a.m. · 7 views

PT-2025-33700 · Unknown · Sante Pacs Server

Name of the Vulnerable Software and Affected Versions: Sante PACS Server (affected versions not specified)
Description: The Sante PACS Server is susceptible to a denial-of-service condition. A remote attacker can crash the main thread by sending a crafted HL7 message. No authentication is required,...

CVSS 8.7 · AI score 4.5 · EPSS 0.00703
Exploits 0 · References 9
CNVD
added 2025/07/30 12:0 a.m. · 4 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10671)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the radiationDoseReport.php function. No detailed...

CVSS 6.1 · AI score 5.2 · EPSS 0.00712
Exploits 1 · References 1
CNVD
added 2025/07/30 12:0 a.m. · 3 views

MedDream PACS Premium Access Control Error Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from an Access Control Error vulnerability that is caused by an error in the login.php function. An attacker can exploit the vulnerability to elevate privileges...

CVSS 9.8 · AI score 6 · EPSS 0.00535
Exploits 1 · References 1
CNNVD
added 2025/07/28 12:0 a.m. · 8 views

MedDream PACS Premium Access Control Error Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from an Access Control Error vulnerability that is caused by an error in the login.php function. An attacker can exploit the vulnerability to elevate privileges...

CVSS 9.8 · AI score 7.3 · EPSS 0.00535
Exploits 1 · References 2
BDU FSTEC
added 2025/03/13 12:0 a.m. · 9 views

The vulnerability of the DCM files on the medical image and data management system, as well as the Sante PACS Server, allows an attacker to write these files in the context of the current user.

The vulnerability of the DCM files on the medical image and data management system, as well as those on the Sante PACS Server, is related to incorrect restrictions on the path name for accessing the restricted directory. Exploiting this vulnerability allows a malicious actor to write files under th...

CVSS 4.3 · AI score 5.5 · EPSS 0.01545
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/07/18 5:15 p.m. · 4 views

CVE-2023-40704

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity...

CVSS 9.8 · AI score 5.8 · EPSS 0.00338
Exploits 0 · References 2