CVE-2026-3650 describes a denial-of-service condition in the Grassroots DICOM (GDCM) library. When the parser processes malformed DICOM files with non-standard VR types in file meta information, it can trigger very large allocations and fail to release memory properly, allowing a malicious file to consume heap space in a single read. The result is resource depletion and service impact rather than code exe [truncated]
CVE-2025-12699 is a client-side injection issue in the ZOLL ePCR iOS Mobile Application 2.6.7. According to CISA's 2026-02-10 advisory, attacker-controlled text entered into PCR fields such as run number, incident, call sign, and notes can be rendered in a WebView without proper sanitization and interpreted as HTML/JavaScript. The advisory's proof of concept shows injected script returning local file content, which [truncated]