Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.7 views

PT-2026-35981

Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hija...

6.9CVSS5.2AI score0.00138EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/23 8:13 p.m.8 views

CVE-2025-27721

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...

8.7CVSS7.1AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 7:44 p.m.11 views

CVE-2025-24489 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type

An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise...

6.3CVSS0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/21 7:42 p.m.12 views

CVE-2025-27714 INFINITT Healthcare INFINITT PACS Unrestricted Upload of File with Dangerous Type

An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise...

6.3CVSS0.00306EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/21 7:33 p.m.7 views

CVE-2025-27721 INFINITT Healthcare INFINITT PACS Exposure of Sensitive System Information to an Unauthorized Control Sphere

Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources...

8.7CVSS7AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2025/08/18 10:15 p.m.9 views

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

8.7CVSS0.00703EPSS
Exploits0References1
OSV
OSV
added 2024/07/18 5:15 p.m.4 views

CVE-2023-40704

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity...

9.8CVSS5.8AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.3 views

PT-2022-10902 · Philips · Philips Vue Myvue Pacs

Name of the Vulnerable Software and Affected Versions: Philips Vue MyVue PACS versions prior to 12.2.x.x Description: The issue allows authenticated users to perform Path Traversal, accessing files stored outside of the web root through the VideoStream function. Recommendations: For Philips Vue...

6.5CVSS6.9AI score0.00864EPSS
Exploits0References5
Rows per page
Query Builder