| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34361 | HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft | hapifhir | org.hl7.fhir.core | Critical | 9.3 | 2026-03-31 16:56:11 | Deep Dive |
| CVE-2026-34360 | HAPI FHIR: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing | hapifhir | org.hl7.fhir.core | Medium | 5.8 | 2026-03-31 16:56:05 | Deep Dive |
| CVE-2026-34359 | HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core | hapifhir | org.hl7.fhir.core | High | 7.4 | 2026-03-31 16:56:01 | Deep Dive |
| CVE-2026-33180 | HAPI FHIR HTTP authentication leak in redirects | hapifhir | org.hl7.fhir.core | High | 7.5 | 2026-03-20 22:20:00 | Deep Dive |
| CVE-2024-52007 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` | hapifhir | org.hl7.fhir.core | High | 8.6 | 2024-11-08 22:28:20 | Deep Dive |
| CVE-2024-45294 | `org.hl7.fhir.core` XXE vulnerability in XSLT transforms | hapifhir | org.hl7.fhir.core | High | 8.6 | 2024-09-06 15:46:14 | Deep Dive |