1820 matches found
EUVD-2026-39582
vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability...
EUVD-2026-39562
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle memory deallocation properly. The object in the program is freed, but its address is still used in other locations. Sending specific requests to the dcmqrdb program will lead to a double-free. An attacker can use this vulnerability to launch a DoS attac...
CVE-2026-50034
creationtimestamp| type| source ---|---|--- 2026-06-18 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01 2026-06-18 20:07:56+00:00| seen| https://bsky.app/profile/boredchilada.bsky.social/post/3molmxpdsxc2g...
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...
EUVD-2026-36681
A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\controllers\PatientController.php of the component HTTP REST API. The manipulation of the argument ID...
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2025-4386
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal....
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
Over the last decade, DICOM parsing has become an active research topic. The reason is simple: DICOM is both critical and complicated. Hospitals rely on DICOM-based PACS systems, and those systems often automatically ingest files received over the network. That means malformed data could directly...
CVE-2026-5768
creationtimestamp| type| source ---|---|--- 2026-05-28 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-148-01 2026-05-29 19:01:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmz7x3hftc22 2026-05-29 20:34:28+00:00| seen|...
SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-Enabled Medical Devices
The growing integration of artificial intelligence AI and machine learning ML in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through vulnerable system components during inference, causing misdiagnosis...
CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...
Softneta MedDream PACS Server Premium 路径遍历漏洞
Softneta MedDream PACS Server Premium is a medical image storage and reading platform from Softneta. A path traversal vulnerability exists in Softneta MedDream PACS Server Premium version 6.7.1.1, which originates from a directory traversal and could allow an unauthenticated attacker to read...
Biometrics, diagnoses, and bank details exposed in major healthcare breach
NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...
CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...
CVE-2026-25110 Sensors_medical_sensor has a NULL pointer dereference vulnerability
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...
CVE-2026-25110
CVE-2026-25110 affects OpenHarmony v6.0 and earlier, where the Sensors_medical_sensor contains a NULL pointer dereference vulnerability that can be triggered locally to cause a denial of service. The description indicates a local attacker can induce a crash/DOS, but the connected documents do not...
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
On-Device Interpretable Tsetlin Machine-Based Intrusion Detection for Secure IoMT
The rapid evolution of digital health technologies is redefining healthcare services worldwide. The integration of wireless communication and Internet-enabled medical devices within Internet of Medical Things IoMT networks enables continuous, real-time patient monitoring. However, this increased...