Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
Showing 13,441 - 13,460 of 14,756 CVEs
CVE-2026-0554 MEDIUM - 4.3

The NotificationX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'regenerate' and 'reset' REST API endpoints in all versions up to, and including, 3.1.11. This makes it possible for authenticated attackers, with Co...

Published: Jan 20, 2026
Source: NVD
CVE-2026-0548 MEDIUM - 5.4

The Tutor LMS โ€“ eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the `delete_existing_user_photo` function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, ...

Published: Jan 20, 2026
Source: NVD
CVE-2025-58095 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58094 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58093 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58092 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58091 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58090 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58089 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58088 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58087 MEDIUM - 6.1

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulner...

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-58080 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-57881 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-57787 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-57786 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-55071 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54861 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54853 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54852 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54817 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD