Santesoft Sante Pacs Server — known CVE vulnerabilities
Every CVE whose affected-product data names Santesoft Sante Pacs Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-51637 — CVSS 9.8 (critical): Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2024-1863 — CVSS 9.8 (critical): Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute…
CVE-2022-2272 — CVSS 9.8 (critical): This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is…
CVE-2025-2263 — CVSS 9.8 (critical): During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and…
CVE-2025-2264 — CVSS 7.5 (high): A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it…
CVE-2025-0569 — CVSS 7.5 (high): Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create…
CVE-2025-0568 — CVSS 7.5 (high): Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create…
CVE-2025-0574 — CVSS 7.5 (high): Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a…
CVE-2025-53948 — CVSS 7.5 (high): The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service…
CVE-2025-0571 — CVSS 6.5 (medium): Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers…
CVE-2025-0570 — CVSS 6.5 (medium): Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers…
CVE-2025-54759 — CVSS 6.1 (medium): Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a…
CVE-2025-54862 — CVSS 5.4 (medium): Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user…