Lucene search
K

329 matches found

NVD
NVD
added 2026/05/25 3:16 p.m.20 views

CVE-2018-25372

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS0.00305EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.8 views

CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 Directory Traversal

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS5.9AI score0.00785EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 2:15 p.m.13 views

EUVD-2018-21897

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS5.9AI score0.00785EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.13 views

CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 SQL Injection via email

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 2:15 p.m.13 views

EUVD-2018-21895

MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...

8.8CVSS6.1AI score0.00305EPSS
Exploits0References2
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

MedDream PACS Premium Arbitrary File Read Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. An arbitrary file read vulnerability exists in MedDream PACS Premium, which can be exploited by an attacker to cause arbitrary files to be read...

9.6CVSS5.8AI score0.00436EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.5 views

CVE-2020-37009

MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevate...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/01/29 2:28 p.m.12 views

CVE-2020-37009

CVE-2020-37009 affects MedDream PACS Server 6.8.3.751. The connected records confirm an authenticated remote code execution vulnerability where an authorized user can upload PHP files via the uploadImage.php endpoint, enabling execution of arbitrary system commands with elevated privileges. CVSS ...

8.8CVSS6.7AI score0.00521EPSS
Exploits0References3
CNVD
CNVD
added 2026/01/29 12:0 a.m.3 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10667)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/26 12:0 a.m.7 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11737)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the modifyUser feature. An attacker could exploit the...

6.1CVSS6.1AI score0.00235EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/26 12:0 a.m.6 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10670)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the email failedjob feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00286EPSS
Exploits1References1
CNVD
CNVD
added 2026/01/26 12:0 a.m.7 views

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10669)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the Download Zip feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00317EPSS
Exploits1References1
Talos Blog
Talos Blog
added 2026/01/22 1:54 p.m.6 views

Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco...

9.6CVSS5.8AI score0.00436EPSS
Exploits22
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.17 views

CVE-2025-58090

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.10 views

CVE-2025-58080

A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.16 views

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.9 views

CVE-2025-58093

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.10 views

CVE-2025-58088

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.7 views

CVE-2025-58089

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.13 views

CVE-2025-58095

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References1
Rows per page
Query Builder