Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2025-54778

    A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to t... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-54495

    A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-54157

    A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL t... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 9.6

    CRITICAL
    CVE-2025-53912

    An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Path Traversal

  • 6.1

    MEDIUM
    CVE-2025-53854

    A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53707

    A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL ... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-53516

    A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tr... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-46270

    A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-44000

    A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to ... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 6.1

    MEDIUM
    CVE-2025-36556

    A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigg... Read more

    Affected Products : pacs_server
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Cross-Site Scripting

  • 7.8

    HIGH
    CVE-2025-33233

    NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tam... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 6.7

    MEDIUM
    CVE-2025-33231

    NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability mig... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Misconfiguration

  • 7.3

    HIGH
    CVE-2025-33230

    NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escala... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 7.3

    HIGH
    CVE-2025-33229

    NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerabi... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.3

    HIGH
    CVE-2025-33228

    NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit o... Read more

    Affected Products :
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Injection

  • 5.3

    MEDIUM
    CVE-2025-15536

    A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to lo... Read more

    Affected Products :
    • Published: Jan. 18, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-15281

    Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.... Read more

    Affected Products : glibc
    • Published: Jan. 20, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Memory Corruption

  • 7.5

    HIGH
    CVE-2025-13151

    Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.... Read more

    Affected Products :
    • Published: Jan. 07, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-37184

    A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary... Read more

    Affected Products : edgeconnect_sd-wan_orchestrator
    • Published: Jan. 14, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Authentication

  • 6.1

    MEDIUM
    CVE-2026-22032

    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter ... Read more

    Affected Products : directus
    • Published: Jan. 08, 2026
    • Modified: Jan. 20, 2026
    • Vuln Type: Misconfiguration
Showing 20 of 4212 Results