Skip to main content
CVE-2025-56005 CRITICAL POC PATCH Act Now

PLY (Python Lex-Yacc) library 3.11 has an unsafe feature enabling remote code execution through pickle deserialization of cached parser tables, with EPSS 0.91%.

Python RCE Deserialization Ply
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-55423 CRITICAL POC Act Now

Multiple ipTIME router models have a command injection vulnerability in the upnp_relay() function, allowing remote attackers to execute arbitrary OS commands through crafted UPnP requests.

Command Injection A104 Firmware A604mu Firmware Ax2004 Firmware N2plus I Firmware +159
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2026-23876 CRITICAL POC PATCH Act Now

Heap buffer overflow in ImageMagick's XBM image decoder (ReadXBMImage) lets remote attackers write attacker-controlled data past an allocated heap buffer by submitting a maliciously crafted XBM file, affecting all versions prior to 7.1.2-13 and 6.9.13-38. Because any read or identify operation triggers the flaw, it is reachable through ordinary image upload and conversion pipelines, raising the risk of memory corruption and potential remote code execution. Publicly available exploit code exists and a vendor patch is available, though EPSS exploitation probability remains low (0.08%) and it is not listed in CISA KEV.

Buffer Overflow Imagemagick Heap Overflow
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53912 CRITICAL POC Act Now

MedDream PACS Premium 7.3.6.870 has an arbitrary file read vulnerability in the encapsulatedDoc feature that allows attackers to read sensitive server files including DICOM medical records.

Information Disclosure Pacs Server
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-23949 HIGH POC PATCH This Week

Jaraco.context versions 5.2.0 through 6.0.x contain a path traversal vulnerability in the tarball() function that allows attackers to extract files outside the intended directory when processing malicious tar archives, with public exploit code available. The vulnerability exploits insufficient path validation that fails to properly filter directory traversal sequences like `../`, potentially enabling unauthorized file extraction and nested tarball attacks. This affects all users processing untrusted tar archives with the vulnerable versions.

Path Traversal Jaraco.Context Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-22219 HIGH POC PATCH This Week

Server-side request forgery in Chainlit before 2.9.4 lets an authenticated user coerce the server into fetching an attacker-supplied URL, exposing internal network services and cloud metadata endpoints. The flaw lives in the /project/element update flow specifically when Chainlit is deployed with the SQLAlchemy data layer backend, whose element-creation logic issues an outbound HTTP GET against a user-controlled url field and persists the response through the configured storage provider. Publicly available exploit code exists (documented in Zafran's 'ChainLeak' research), though the flaw is not listed in CISA KEV and its EPSS probability is low at 0.04%.

SSRF Chainlit
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-57156 HIGH POC PATCH This Week

NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-66692 HIGH POC PATCH This Week

A buffer over-read in the PublicKey::verify() method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

Buffer Overflow Denial Of Service Trust Wallet Core
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-56353 HIGH POC This Week

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. [CVSS 7.5 HIGH]

Denial Of Service Tinymqtt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-66902 HIGH POC This Week

An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components. [CVSS 7.5 HIGH]

Code Injection Websocket Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63647 HIGH POC PATCH This Week

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22218 HIGH POC PATCH This Week

Arbitrary file read in Chainlit versions prior to 2.9.4 lets an authenticated user disclose any file readable by the Chainlit service process by abusing the /project/element update flow with a user-controlled path. The server copies the referenced file into the attacker's session and returns a chainlitKey usable at /project/file/<chainlitKey> to exfiltrate contents. Publicly available exploit code exists (documented as part of the 'ChainLeak' research by Zafran), though EPSS is very low (0.03%) and it is not on CISA KEV.

Path Traversal Chainlit
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-58095 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58094 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58093 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58092 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58091 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58090 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58089 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58088 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58087 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-57787 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-55071 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-54852 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-53707 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-53516 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-44000 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58080 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57881 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57786 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54861 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54853 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54817 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54814 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54778 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54495 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54157 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-53854 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-46270 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-36556 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

LDAP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21962 CRITICAL PATCH Act Now

Oracle HTTP Server and WebLogic Server Proxy Plug-in have a CVSS 10.0 access control vulnerability allowing unauthenticated network attackers to fully compromise the middleware layer.

Oracle Apache IIS Http Server Weblogic Server Proxy Plug In
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-21636 CRITICAL PATCH Act Now

Node.js has a CVSS 10.0 permission model bypass that allows Unix Domain Socket connections to completely bypass network restrictions when --allow-net is configured.

Node.js Privilege Escalation Node.Js Red Hat Suse
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-22844 CRITICAL Act Now

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing meeting participants to execute OS commands on the router.

Zoom RCE Command Injection
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-0933 CRITICAL PATCH Act Now

Cloudflare Wrangler CLI has a CVSS 9.9 command injection vulnerability in the 'wrangler pages deploy' command that allows arbitrary code execution during deployment.

Command Injection Wrangler Cloudflare
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-23950 MEDIUM POC PATCH This Month

Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.

Node.js Tar Apple RCE
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-21969 CRITICAL Act Now

Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthenticated remote attackers to fully compromise the system.

Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-14533 CRITICAL Act Now

Advanced Custom Fields: Extended plugin for WordPress has a privilege escalation vulnerability allowing unauthenticated users to gain admin access in all versions up to the latest.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1221 CRITICAL Act Now

PrismX MX100 AP controller by BROWAN has hard-coded credentials that allow remote attackers to gain full administrative access to the wireless network controller.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0907 CRITICAL PATCH Act Now

Chrome Split View prior to 144.0.7559.59 has a UI spoofing vulnerability that allows remote attackers to display misleading content in the split view interface.

Google Chrome Red Hat Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0906 CRITICAL PATCH Act Now

Chrome for Android prior to 144.0.7559.59 has a security UI spoofing vulnerability that allows remote attackers to display misleading security indicators.

Google Android Chrome Suse
NVD
CVSS 3.1
9.8
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy