Lucene search
K

10 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/05/18 12:0 a.m.8 views

HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...

5.9AI score0.00086EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 4:56 p.m.1 views

CVE-2026-34360 HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname,...

5.8CVSS5.8AI score0.00235EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

7.1CVSS6AI score0.00266EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2732

Malicious code in bioql PyPI...

8.6CVSS8.3AI score0.00975EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.5 views

CVE-2024-50589

An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources FHIR API to get access to sensitive electronic health records EHR...

7.5CVSS6.7AI score0.00564EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/24 12:0 a.m.12 views

PT-2025-2936

Name of the Vulnerable Software and Affected Versions HL7 FHIR IG publisher versions prior to 1.7.4 Description The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...

8.6CVSS5.9AI score0.00547EPSS
Exploits0References14
NVD
NVD
added 2024/11/08 11:15 p.m.17 views

CVE-2024-52007

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS0.00918EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/11/08 10:28 p.m.14 views

CVE-2024-52007 XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS7AI score0.00918EPSS
Exploits0References6
CVE
CVE
added 2024/11/08 10:28 p.m.69 views

CVE-2024-52007

CVE-2024-52007 is an XXE vulnerability in XSLT parsing within the HAPI FHIR org.hl7.fhir.core components. The issue arises from XML external entity injections when processing XML with a malicious DTD, potentially allowing host data to be exposed. The Red Hat advisory notes this is fixed by upgrad...

8.6CVSS8.4AI score0.00918EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/09/06 7:14 p.m.26 views

CVE-2024-45294

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS6.4AI score0.00975EPSS
Exploits0References5
Rows per page
Query Builder