Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
Showing 13,461 - 13,480 of 14,756 CVEs
CVE-2025-54814 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54778 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54495 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-54157 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-53854 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-53707 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-53516 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-46270 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-44000 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-36556 MEDIUM - 6.1

A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Vendor: MedDream
Product: MedDream PACS Premium
Published: Jan 20, 2026
Source: NVD
CVE-2025-1722 MEDIUM - 5.9

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Vendor: ibm
Product: concert
Published: Jan 20, 2026
Source: NVD
CVE-2025-1719 MEDIUM - 5.9

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Vendor: ibm
Product: concert
Published: Jan 20, 2026
Source: NVD
CVE-2025-15043 MEDIUM - 5.4

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. This makes it possible for a...

Vendor: stellarwp
Product: The Events Calendar
Published: Jan 20, 2026
Source: NVD
CVE-2025-13925 MEDIUM - 4.9

IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.

Vendor: IBM
Product: Aspera Console
Published: Jan 20, 2026
Source: NVD
CVE-2026-1180 MEDIUM - 5.8

A flaw was identified in Keycloakโ€™s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the K...

Published: Jan 20, 2026
Source: NVD
CVE-2025-14369 MEDIUM - 5.5

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.

Vendor: mackron
Product: dr_flac
Published: Jan 20, 2026
Source: NVD
CVE-2025-41768 MEDIUM - 5.5

On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page.

Vendor: Beckhoff Automation
Product: TwinCAT.HMI.Server, TF2000-HMI-Server, tf2000-hmi-server
Published: Jan 20, 2026
Source: NVD
CVE-2026-1223 MEDIUM - 4.9

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Insufficiently Protected Credentials vulnerability, allowing privileged remote attackers to allowing authenticated remote attackers to obtain SMTP plaintext passwords through the web frontend.

Published: Jan 20, 2026
Source: NVD
CVE-2025-66523 MEDIUM - 6.1

URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visits a crafted link. This issue affects na1.foxitesign.foxit.com: before 2026โ€‘01โ€‘16.

Vendor: Foxit Software Inc.
Product: na1.foxitesign.foxit.com
Published: Jan 20, 2026
Source: NVD
CVE-2026-1218 MEDIUM - 6.3

A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performing a manipulation results in xml external entity reference. The attack is possible to be carried out...

Published: Jan 20, 2026
Source: NVD