Latest CVE Feed
-
6.1
MEDIUMCVE-2025-54853
A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tri... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54852
A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to ... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54817
A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious ... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54814
A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54778
A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to t... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54495
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-54157
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL t... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
9.6
CRITICALCVE-2025-53912
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Path Traversal
-
6.1
MEDIUMCVE-2025-53854
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-53707
A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL ... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-53516
A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tr... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-46270
A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-44000
A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to ... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-36556
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigg... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-1722
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-1719
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-15380
The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-15347
The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in al... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-15043
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This makes it... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it us... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography