CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3219 matches found

CNNVD•added 2026/01/20 12:0 a.m.•2 views

MedDream PACS Premium security vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability, which stems from a reflection-type cross-site scripting vulnerability in the modifyHL7App functio...

6.1CVSS5.9AI score0.00064EPSS

Exploits1References2

Positive Technologies•added 2026/01/20 12:0 a.m.•2 views

PT-2026-3612

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870 Description The software contains multiple reflected cross-site scripting xss issues within the config.php functionality. A crafted URL can trigger these issues, potentially leading to arbitrary javascri...

6.1CVSS5.5AI score0.00083EPSS

Exploits1References4

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 9 : firefox-115.11.0-1.el9_4.ML.1 (AXSA:2024-8277:19)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8277:19 advisory. firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox:...

8.8CVSS8AI score0.40321EPSS

Exploits17References7

Talos•added 2026/01/20 12:0 a.m.•6 views

MedDream PACS Premium emailfailedjob reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2255 MedDream PACS Premium emailfailedjob reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54495 SUMMARY A reflected cross-site scripting xss vulnerability exists in the emailfailedjob functionality of MedDream PACS Premiu...

6.1CVSS5.8AI score0.00064EPSS

Exploits1

Positive Technologies•added 2026/01/20 12:0 a.m.•4 views

PT-2026-3599

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870 Description A reflected cross-site scripting xss issue exists in the emailfailedjob functionality. A crafted URL can lead to arbitrary javascript code execution. An attacker can provide a malicious URL t...

6.1CVSS6AI score0.00064EPSS

Exploits1References4

OSV•added 2026/01/16 7:16 p.m.•2 views

CVE-2021-47838

Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim...

5.1CVSS6.4AI score0.00042EPSS

Exploits0References4

RedhatCVE•added 2026/01/16 2:23 p.m.•3 views

CVE-2026-22638

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

8.3CVSS5.6AI score0.00037EPSS

Exploits0References1

NVD•added 2026/01/15 4:16 p.m.•1 views

CVE-2021-47843

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...

5.4CVSS0.00028EPSS

Exploits1References3

Cvelist•added 2026/01/15 3:52 p.m.•24 views

CVE-2021-47843 Tagstoo 2.0.1 - Stored XSS to RCE

5.4CVSS0.00028EPSS

Exploits1References3

Cvelist•added 2026/01/15 1:11 p.m.•24 views

CVE-2026-22638

...

0.00037EPSS

Exploits0

Cvelist•added 2026/01/15 1:10 p.m.•20 views

CVE-2026-22637

...

0.00035EPSS

Exploits0

Vulnrichment•added 2026/01/15 1:10 p.m.•1 views

CVE-2026-22637

...

5.3AI score0.00035EPSS

Exploits0

RedhatCVE•added 2026/01/14 11:19 p.m.•2 views

CVE-2022-50896

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context...

6.1CVSS6.5AI score0.00052EPSS

Exploits0References1

RedhatCVE•added 2026/01/14 11:19 p.m.•2 views

CVE-2022-50891

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...

6.1CVSS6.6AI score0.00082EPSS

Exploits1References1

NVD•added 2026/01/13 11:15 p.m.•3 views

CVE-2022-50896

6.1CVSS0.00052EPSS

Exploits0References3

Cvelist•added 2026/01/13 10:56 p.m.•19 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

6.1CVSS0.00107EPSS

Exploits1References5

CVE•added 2026/01/13 10:56 p.m.•5 views

CVE-2023-53985

CVE-2023-53985 affects Zstore (now Zippy CRM) version 6.5.4. A reflected cross-site scripting vulnerability exists due to unvalidated input parameters, allowing an attacker to inject and execute arbitrary JavaScript in a victim’s browser context. The CVSS metrics indicate network access with low ...

6.1CVSS6.2AI score0.00107EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2026/01/13 10:56 p.m.•1 views

CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)

6.1CVSS6.2AI score0.00107EPSS

Exploits1References5

CVE•added 2026/01/13 10:56 p.m.•3 views

CVE-2022-50896

Testa 3.5.1 Online Test Management System is affected by a reflected XSS in the login.php redirect parameter. The root cause is an insufficent input sanitization allowing an attacker to craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in a victim’s brows...

6.1CVSS6.1AI score0.00052EPSS

Exploits0References3

CNNVD•added 2026/01/13 12:0 a.m.•1 views

YouPHPTube 跨站脚本漏洞

YouPHPTube is a PHP-based video website system. A cross-site scripting vulnerability exists in YouPHPTube 7.8 and earlier versions, which stems from a cross-site scripting vulnerability in the redirectUri parameter in the signup page, which could lead to the execution of arbitrary JavaScript...

6.1CVSS5.9AI score0.00057EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by