22 matches found
PT-2026-35981
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...
EUVD-2025-208145
SQL Injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to PACS to gain access to the database, including data processed by CGM CLININET software. This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
CVE-2025-57786
A reflected cross-site scripting (XSS) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
MedDream PACS Premium security vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability, which stems from a reflected cross-site scripting vulnerability in the encapsulatedDoc...
EUVD-2025-25587
Malicious code in bioql PyPI...
CVE-2025-27721
Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...
CVE-2025-24489 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise...
CVE-2025-27714 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type
An attacker could exploit this vulnerability by uploading arbitrary files via a specific endpoint, leading to unauthorized remote code execution or system compromise...
CVE-2025-27721 INFINITT Healthcare INFINITT PACS Exposure of Sensitive System Information to an Unauthorized Control Sphere
Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...
PT-2025-34277 · Infinitt · Infinitt Pacs System Manager
Name of the Vulnerable Software and Affected Versions: INFINITT PACS System Manager (affected versions not specified). Description: The INFINITT PACS System Manager allows unauthorized users to gain access without proper authorization, potentially leading to unauthorized access to system resources...
CVE-2025-53948
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...
CVE-2025-54759 Santesoft Sante PACS Server Cross-site Scripting
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML code redirecting a user to a malicious webpage and stealing the user's cookie...
CVE-2025-53948 Santesoft Sante PACS Server Double Free
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...
PT-2025-33700 · Unknown · Sante Pacs Server
Name of the Vulnerable Software and Affected Versions: Sante PACS Server (affected versions not specified). Description: The Sante PACS Server is susceptible to a denial-of-service condition. A remote attacker can crash the main thread by sending a crafted HL7 message. No authentication is required,...
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10671)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the radiationDoseReport.php function. No detailed...
MedDream PACS Premium Access Control Error Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from an Access Control Error vulnerability that is caused by an error in the login.php function. An attacker can exploit the vulnerability to elevate privileges...
MedDream PACS Premium Access Control Error Vulnerability
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from an Access Control Error vulnerability that is caused by an error in the login.php function. An attacker can exploit the vulnerability to elevate privileges...
A vulnerability in the handling of DCM files in the medical image and data management system, as well as the Sante PACS Server, allows a hacker to write these files in the context of the current user.
The vulnerability in the handling of DCM files in the medical image and data management system, as well as in the Sante PACS Server, is related to improper restriction of a path name to a restricted directory. Exploiting this vulnerability allows a malicious actor to write files under th...
CVE-2023-40704
The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity...