10 matches found
CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...
CVE-2026-34360
CVE-2026-34360 / GHSA-3WW8-JW56-9F5H: The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that can perform blind SSRF. Root cause: user-supplied IG URL is not validated; allowedDomains is empty by default, and redirects aren’t re-validated, enabling requests to internal n...
[SECURITY] Fedora 43 Update: wordpress-6.9.4-1.fc43
WordPress is an online publishing / weblog package that makes it very easy, almost trivial, to get information out to people on the web. Important information in /usr/share/doc/wordpress/README.fedora...
WordPress WP Visitor Statistics (Real Time Traffic) Plugin <= 6.9.4 is vulnerable to Sensitive Data Exposure
Software: WP Visitor Statistics (Real Time Traffic); Type: Plugin; Vulnerable versions: <= 6.9.4; Fixed in: 6.9.5; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-24867; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID...
CVE-2021-31869
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product...
Sql injection
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product...
Security fix for the ALT Linux 8 package oniguruma version 6.9.4-alt1
6.9.4-alt1, built Dec. 4, 2019 by Anton Farygin in task 242251. Dec. 2, 2019, Anton Farygin: 6.9.4; fixes: CVE-2019-19012 (integer overflow related to reg->dmax in search_in_range), CVE-2019-19203 (heap-buffer-overflow in gb18030_mbc_enc_len), CVE-2019-19204 (heap-buffer-overflow in fetch_interval_quantifier)...
ImageMagick 'coders/rle.c' Remote Buffer Overflow Vulnerability - Mac OS X
ImageMagick is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:imagemagick:imagemagick"...
ImageMagick Mat File Multiple Denial of Service Vulnerabilities - Mac OS X
ImageMagick is prone to multiple denial of service vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
ImageMagick Out Of Bounds Memory Read Vulnerability - Windows
ImageMagick is prone to an out of bounds memory read vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...