Latest CVE Feed
-
6.1
MEDIUMCVE-2025-44000
A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to ... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-53516
A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tr... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-57786
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-57787
A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tr... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-58088
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-58089
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21642
HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logg... Read more
Affected Products : revive_adserver- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67025
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section... Read more
Affected Products : anycomment.io- Published: Jan. 15, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1127
The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-23730
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=l... Read more
Affected Products : wegia- Published: Jan. 16, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2026-23727
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=l... Read more
Affected Products : wegia- Published: Jan. 16, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2026-23726
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=l... Read more
Affected Products : wegia- Published: Jan. 16, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2026-23729
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=l... Read more
Affected Products : wegia- Published: Jan. 16, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-13701
The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible fo... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-24555
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1.... Read more
Affected Products : artplacer_widget- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-68970
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-53240
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamlabs WordPress Photo Gallery photo-gallery-portfolio allows Reflected XSS.This issue affects WordPress Photo Gallery: from n/a through <= 1.1.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-49249
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-0405
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication