Lucene search
K

661 matches found

NVD
NVD
added 2026/01/20 3:17 p.m.5 views

CVE-2025-58088

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.00229EPSS
Exploits1References1
OSV
OSV
added 2026/01/20 3:17 p.m.4 views

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.9AI score0.0024EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:49 p.m.3 views

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.5AI score0.00229EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:49 p.m.4 views

CVE-2025-58088

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.5AI score0.00229EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/01/20 2:49 p.m.18 views

CVE-2025-58087

Talos reports multiple reflected XSS vulnerabilities in MedDream PACS Premium 7.3.6.870, affecting the config.php status parameter. The issue allows an attacker to craft a URL that injects arbitrary JavaScript, enabling arbitrary code execution in the browser. CVE-2025-58087 is among a set of XSS...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.8 views

MedDream PACS Premium 跨站脚本漏洞

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...

6.1CVSS5.9AI score0.00229EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.5 views

MedDream PACS Premium Cross-site Scripting Vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the worklistsrc parameter in the config.php file, which...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.10 views

MedDream PACS Premium Cross-site Scripting Vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the longtermdir parameter in the config.php function,...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References2
Talos
Talos
added 2026/01/20 12:0 a.m.11 views

MedDream PACS Premium config.php multiple reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2271 MedDream PACS Premium config.php multiple reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-58089,CVE-2025-58093,CVE-2025-58090,CVE-2025-58091,CVE-2025-58088,CVE-2025-58087,CVE-2025-58094,CVE-2025-58095,CVE-2025-58092...

6.1CVSS5.8AI score0.0024EPSS
Exploits9
RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.9 views

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

9.8CVSS7.4AI score0.01607EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/18 7:44 p.m.6 views

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

10CVSS8.3AI score0.04151EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2025/12/16 7:21 a.m.4 views

CVE-2025-13439

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...

5.9CVSS5.4AI score0.0026EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/16 7:21 a.m.5 views

EUVD-2025-203524

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpdcustomuplodfile AJAX action, which flows directly into the getimagesi...

6.5CVSS5.5AI score0.0026EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/03 3:18 a.m.9 views

CVE-2025-12529

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...

8.8CVSS7.6AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/01 8:9 a.m.7 views

CVE-2025-10897

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...

8.6CVSS6.2AI score0.01844EPSS
Exploits0References1
NVD
NVD
added 2025/10/31 8:15 a.m.6 views

CVE-2025-10897

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...

8.6CVSS0.01844EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/31 7:26 a.m.213 views

CVE-2025-10897 WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...

8.6CVSS0.01844EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/31 7:26 a.m.5 views

EUVD-2025-37310

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read...

8.6CVSS5.7AI score0.01844EPSS
Exploits0References3
CVE
CVE
added 2025/10/31 7:26 a.m.18 views

CVE-2025-10897

The CVE-2025-10897 vulnerability affects the WooCommerce Designer Pro plugin for WordPress (versions up to and including 1.9.28). It allows unauthenticated arbitrary file reads, enabling an attacker to read server files such as wp-config.php and potentially exposed database credentials. Wordfence...

8.6CVSS5.8AI score0.01844EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.5 views

PT-2025-44586

Name of the Vulnerable Software and Affected Versions WooCommerce Designer Pro versions up to and including 1.9.28 Description The WooCommerce Designer Pro theme for WordPress is susceptible to an arbitrary file read issue. This allows unauthenticated attackers to read arbitrary files on the...

8.6CVSS5.9AI score0.01844EPSS
Exploits0References10
Rows per page
Query Builder