1068 matches found
Out-of-bounds Read
Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2026-1452)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1452 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-2599...
CVE-2025-10350
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....
Your MRI is Online: The Hidden Risks of Exposed DICOM Servers in UK Healthcare
Hospitals invest heavily in physical security: Clinical areas are access-controlled, sensitive rooms are locked, and patient records are governed by strict handling procedures. Network exposure does not always receive the same level of scrutiny. Rapid7 Labs identified more than 30 UK-based system...
CVE-2026-25898 Imagemagick Has Global Buffer Overflow (OOB Read) via Negative Pixel Index in UIL and XPM Writer
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is ...
CVE-2026-2034
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must...
Santesoft Sante DICOM Viewer Pro 安全漏洞
Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter, and PACS client developed by Santesoft in Cyprus. It is suitable for DICOM files from all formats and manufacturers. Sante DICOM Viewer Pro has a security vulnerability that stems from the lack of verification of the da...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. There were security vulnerabilities in versions of Apple iOS prior to 26.3 and Apple iPadOS prior to 26.3...
CVE-2025-41065 Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging
Stored Cross-Site Scripting XSS vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload is stored by the application and subsequently...
CVE-2025-41065 Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging
Stored Cross-Site Scripting XSS vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload is stored by the application and subsequently...
CVE-2026-22778 vLLM leaks a heap address when PIL throws an error
vLLM is an inference and serving engine for large language models LLMs. From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guess...
CVE-2020-37009 MedDream PACS Server 6.8.3.751 - Remote Code Execution
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...
MedDream PACS Server security vulnerability
MedDream PACS Server is a picture archiving and communication system developed by MedDream Corporation. It is used for storing, archiving, managing, and viewing medical images. Version 6.8.3.751 of MedDream PACS Server has a security vulnerability. This vulnerability stems from the uploadImage.ph...
CVE-2026-24138
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vulnerability in getversion.php which can be triggered by providing a user-controlled url parameter. It can be used to fetch both internal websites an...
CVE-2025-54157
A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-46270
A reflected cross-site scripting xss vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-58080
A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-58080
A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54495
A reflected cross-site scripting xss vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-53707
A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...