Skip to main content
CVE-2025-58095 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58094 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58093 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58092 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58091 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58090 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58089 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58088 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58087 MEDIUM POC This Month

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

PHP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-57787 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-55071 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-54852 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-53707 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-53516 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-44000 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-58080 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57881 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-57786 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54861 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54853 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54817 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54814 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54778 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54495 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54157 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-53854 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-46270 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-36556 MEDIUM POC This Month

A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. [CVSS 6.1 MEDIUM]

LDAP XSS Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23950 MEDIUM POC PATCH This Month

Symlink poisoning via race condition in node-tar up to version 7.5.3 allows attackers to exploit Unicode normalization on case-insensitive filesystems like macOS APFS, where the path reservation system fails to serialize operations on colliding paths. Public exploit code exists for this vulnerability, enabling concurrent processing that bypasses internal safeguards. Node.js users and applications depending on vulnerable tar versions should update immediately, as attackers can leverage this to manipulate file operations during archive extraction.

Node.js Tar Apple RCE
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-1202 MEDIUM POC This Month

Authentication bypass in CRMEB up to version 5.6.3 allows unauthenticated remote attackers to manipulate the openId parameter in the Apple login function, gaining unauthorized access without valid credentials. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The flaw affects the LoginController.php authentication mechanism and carries a CVSS score of 7.3 with confirmed impact to confidentiality, integrity, and availability.

PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2026-23874 MEDIUM POC PATCH This Month

Imagemagick versions up to 7.1.2-13 is affected by loop with unreachable exit condition (infinite loop) (CVSS 5.5).

Stack Overflow Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-1194 MEDIUM POC This Month

Information disclosure in MineAdmin 1.x/2.x through an exposed Swagger component allows unauthenticated remote attackers to access sensitive data over the network. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early notification.

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66803 MEDIUM POC PATCH This Month

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays (e.g. [CVSS 4.8 MEDIUM]

Race Condition Turbo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-33231 MEDIUM PATCH This Month

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. [CVSS 6.7 MEDIUM]

Windows Denial Of Service Privilege Escalation Information Disclosure Cuda Toolkit
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-1245 MEDIUM PATCH This Month

Unsafe code generation in binary-parser prior to version 2.3.0 allows remote code execution when processing untrusted input for parser field names or encoding parameters. Node.js applications using vulnerable versions of the library can be compromised to execute arbitrary JavaScript with process-level privileges. A patch is available and exploitation requires no authentication or user interaction.

Node.js Code Injection Binary Parser
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-22770 MEDIUM PATCH This Month

ImageMagick versions prior to 7.1.2-13 fail to properly initialize buffer elements in the BilateralBlurImage method, leading to invalid pointer dereference and potential denial of service when memory allocation fails. An attacker can exploit this through network vectors to crash affected applications or trigger undefined behavior with high complexity requirements. A patch is available in version 7.1.2-13 and later.

Information Disclosure Imagemagick Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21960 MEDIUM PATCH This Month

Oracle Applications DBA versions 12.2.3-12.2.15 contain an authorization flaw in the Java utilities component that allows high-privileged attackers to gain unauthorized read and write access to sensitive data via HTTP. An authenticated attacker with administrative credentials can exploit this vulnerability to create, modify, or delete critical application data without restriction. A patch is available and should be prioritized for deployment in affected Oracle E-Business Suite environments.

Oracle Java Applications Dba
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-21978 MEDIUM This Month

Flexcube Universal Banking contains a vulnerability that allows attackers to unauthorized access to critical data or complete access to all Oracle FLEXCUBE U (CVSS 6.5).

Oracle Flexcube Universal Banking
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21970 MEDIUM This Month

Life Sciences Central Designer versions up to 7.0.1.0 contains a vulnerability that allows attackers to unauthorized access to critical data or complete access to all Oracle Life Scien (CVSS 6.5).

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21968 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 6.5).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21950 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21949 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 6.5 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21944 MEDIUM This Month

Agile Product Lifecycle Management For Process versions up to 6.2.4 is affected by cross-site scripting (xss) (CVSS 6.5).

Oracle Agile Product Lifecycle Management For Process
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0622 MEDIUM PATCH This Month

Open5gs WebUI authentication can be bypassed by attackers who exploit the default hardcoded JWT signing key ("change-me") that is used when the JWT_SECRET_KEY environment variable is not configured. An attacker can forge valid JWT tokens to gain unauthorized access to the WebUI with limited confidentiality and integrity impacts. A patch is available to remediate this vulnerability by enforcing proper key configuration or using secure defaults.

Authentication Bypass Open5gs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12573 MEDIUM This Month

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data. [CVSS 6.5 MEDIUM]

WordPress PHP
NVD WPScan
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21980 MEDIUM This Month

Life Sciences Central Coding versions up to 7.0.1.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Life Sciences Cen (CVSS 6.5).

Oracle Life Sciences Central Coding
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21923 MEDIUM This Month

Life Sciences Central Designer versions up to 7.0.1.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Life Sciences Cen (CVSS 6.5).

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67261 MEDIUM This Month

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page. [CVSS 6.5 MEDIUM]

SQLi Retail Point Of Sale
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-21641 MEDIUM This Month

Revive Adserver contains an authorization flaw in the tracker deletion function that permits authenticated users to delete trackers belonging to other accounts. An attacker with valid credentials can exploit this access control bypass to remove tracking objects outside their administrative scope, potentially disrupting competitor or other user operations. No patch is currently available for this vulnerability.

PHP Revive Adserver
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-0690 MEDIUM This Month

Stored cross-site scripting in FlatPM - Ad Manager plugin for WordPress up to version 3.2.2 allows authenticated contributors and higher-privileged users to inject malicious scripts through the rank_math_description field due to inadequate input sanitization. The injected scripts execute in the browsers of users viewing affected pages, potentially enabling credential theft, session hijacking, or other client-side attacks. No patch is currently available for this vulnerability.

WordPress XSS
NVD
CVSS 3.1
6.4
EPSS
0.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy