Lucene search
K

1068 matches found

Snyk
Snyk
added 2026/03/09 9:48 p.m.8 views

Out-of-bounds Read

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.5CVSS6AI score0.00105EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2026-1452)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1452 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-2599...

8.6CVSS6.1AI score0.00367EPSS
Exploits1References4
NVD
NVD
added 2026/03/02 12:15 p.m.5 views

CVE-2025-10350

SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....

8.8CVSS0.00186EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2026/02/25 4:21 p.m.11 views

Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare

Hospitals invest heavily in physical security: Clinical areas are access-controlled, sensitive rooms are locked, and patient records are governed by strict handling procedures. Network exposure does not always receive the same level of scrutiny. Rapid7 Labs identified more than 30 UK-based system...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/24 1:18 a.m.2 views

CVE-2026-25898 Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.5 views

CVE-2026-2034

Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must...

7.8CVSS6.4AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

Santesoft Sante DICOM Viewer Pro 安全漏洞

Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter, and PACS client developed by Santesoft in Cyprus. It is suitable for DICOM files from all formats and manufacturers. Sante DICOM Viewer Pro has a security vulnerability that stems from the lack of verification of the da...

7.8CVSS7.5AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions of Apple iOS prior to 26.3 and Apple iPadOS prior to 26.3...

4.6CVSS5.8AI score0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/03 9:27 a.m.31 views

CVE-2025-41065 Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging

Stored Cross-Site Scripting XSS vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload is stored by the application and subsequently...

5.1CVSS0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 9:27 a.m.5 views

CVE-2025-41065 Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging

Stored Cross-Site Scripting XSS vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload is stored by the application and subsequently...

5.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 9:9 p.m.6 views

CVE-2026-22778 vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...

9.8CVSS6AI score0.03816EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/29 2:28 p.m.31 views

CVE-2020-37009 MedDream PACS Server 6.8.3.751 - Remote Code Execution

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.5 views

MedDream PACS Server security vulnerability

MedDream PACS Server is a picture archiving and communication system developed by MedDream Corporation. It is used for storing, archiving, managing, and viewing medical images. Version 6.8.3.751 of MedDream PACS Server has a security vulnerability. This vulnerability stems from the uploadImage.ph...

8.8CVSS6.1AI score0.00521EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:19 a.m.5 views

CVE-2026-24138

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...

7.5CVSS5.5AI score0.0038EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.8 views

CVE-2025-54157

A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00286EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.6 views

CVE-2025-46270

A reflected cross-site scripting xss vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00286EPSS
Exploits1References1
OSV
OSV
added 2026/01/20 3:17 p.m.4 views

CVE-2025-58080

A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

5.4CVSS5.9AI score0.00235EPSS
Exploits1References2
NVD
NVD
added 2026/01/20 3:17 p.m.11 views

CVE-2025-58080

A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS0.00235EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:50 p.m.5 views

CVE-2025-54495

A reflected cross-site scripting xss vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.5AI score0.00286EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 2:49 p.m.2 views

CVE-2025-53707

A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00317EPSS
Exploits1References1
Rows per page
Query Builder