Lucene search
K

12 matches found

NVD
NVD
added 2026/05/25 3:16 p.m.14 views

CVE-2018-25374

Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the path parameter. Attackers can send requests to nocache.php with encoded backslash sequences to traverse directories and acce...

8.7CVSS0.00785EPSS
Exploits0References3
CNVD
CNVD
added 2026/01/30 12:0 a.m.4 views

MedDream PACS Premium Cross-Site Scripting Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the sendOruReport feature. An attacker could exploit the...

6.1CVSS5.8AI score0.00317EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.14 views

CVE-2025-58094

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.00229EPSS
Exploits1References1
NVD
NVD
added 2026/01/20 3:17 p.m.4 views

CVE-2025-57786

A reflected cross-site scripting xss vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS0.00235EPSS
Exploits1References2
OSV
OSV
added 2026/01/20 3:16 p.m.10 views

CVE-2025-53854

A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

5.4CVSS5.9AI score0.00286EPSS
Exploits1References2
NVD
NVD
added 2026/01/20 3:16 p.m.6 views

CVE-2025-46270

A reflected cross-site scripting xss vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS0.00286EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:49 p.m.4 views

CVE-2025-53912

An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability...

9.6CVSS5.6AI score0.00436EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3604

A reflected cross-site scripting xss vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3596

A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00286EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.8 views

PT-2026-3606

A reflected cross-site scripting xss vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.0026EPSS
Exploits1References2
OSV
OSV
added 2025/07/28 2:15 p.m.4 views

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

9.8CVSS5.8AI score0.00535EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/28 12:0 a.m.8 views

MedDream PACS Premium 访问控制错误漏洞

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from an Access Control Error vulnerability that is caused by an error in the login.php function. An attacker can exploit the vulnerability to elevate privileges...

9.8CVSS7.3AI score0.00535EPSS
Exploits1References2
Rows per page
Query Builder