8 matches found

Cvelist
added 2026/03/31 4:56 p.m. · 26 views

CVE-2026-34360 HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname,...

CVSS 5.8 · EPSS 0.00065
Exploits: 1 · References: 1
RedhatCVE
added 2025/02/06 12:8 a.m. · 9 views

CVE-2022-47925

The validate JSON endpoint of the Secvisogram csaf-validator-service in versions 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected b...

CVSS 7.5 · AI score 6.6 · EPSS 0.01319
Exploits: 0
OSV
added 2023/03/27 2:15 p.m. · 13 views

CVE-2022-47925

The validate JSON endpoint of the Secvisogram csaf-validator-service in versions 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected b...

CVSS 7.5 · AI score 7.5
Exploits: 0 · References: 1
CVE
added 2023/03/27 1:41 p.m. · 37 views

CVE-2022-47925

CVE-2022-47925 affects the Secvisogram csaf-validator-service prior to version 0.1.0. The vulnerability is in the validate JSON endpoint, where insufficient input validation allows an unauthenticated remote user to cause a partial DoS of the service by sending tests with unexpected names. Per ...

CVSS 7.5 · AI score 7.3 · EPSS 0.01319
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/03/27 12:0 a.m. · 3 views

PT-2023-15530 · Secvisogram · Csaf-Validator-Service

Name of the Vulnerable Software and Affected Versions: Secvisogram csaf-validator-service versions prior to 0.1.0
Description: The issue is related to insufficient input validation of requests by an unauthenticated remote user, which might lead to a partial Denial of Service (DoS) of the service...

CVSS 7.5 · AI score 7.4 · EPSS 0.01319
Exploits: 0 · References: 4
CNNVD
added 2023/03/27 12:0 a.m. · 2 views

Secvisogram csaf-validator-service Input Validation Error Vulnerability

Secvisogram is an open-source web tool from Secvisogram. It is used to create and edit security advisories in CSAF 2.0 format. An input validation error vulnerability exists in Secvisogram csaf-validator-service versions prior to 0.1.0, which stems from insufficient input validation. An attacker...

CVSS 7.5 · AI score 7.3 · EPSS 0.01319
Exploits: 0 · References: 2
OSV
added 2020/08/25 9:15 p.m. · 3 views

CVE-2020-15639

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decryptFile method of the FlashValidatorServiceImpl class. The iss...

CVSS 9.8 · AI score 7.6 · EPSS 0.19374
Exploits: 0 · References: 2
CNVD
added 2020/08/11 12:0 a.m. · 2 views

Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46340)

Marvell QConvergeConsole (QCC) is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A security vulnerability in the decryptFile method of the FlashValidatorServiceImpl class i...

CVSS 10 · AI score 7.4 · EPSS 0.19374
Exploits: 0 · References: 1